1/If admin doesn't change or delete user AdvWebadmin, the default password of this user is advcomm500349, you can creat your own account or use this account to hack the server. 1/ A foolish vulnerability, i can view the harddisk by using the file browse.asp in directory admin www.victim.com/admin/browse.asp?FilePath=c:\&Opt=2&level=0 BAODAINHAN baodainhan@fptnet.com www.viethacker.net
