OBLOG function adodb_loadfile()storm database analysis[the end]-vulnerability warning-the black bar safety net

ID MYHACK58:62200610410
Type myhack58
Reporter 佚名
Modified 2006-07-14T00:00:00


Today the quiet brother tell meLOG is storm the library, he said, is THEONE found in this thank him Storm library address is _help. asp? file=conn. ASP">http://www.**. com/user_help. asp? file=conn. ASP I pour~~~~ Open user_help. asp, take a look at the relevant code.

Do not look carefully, also nothing. Look carefully, the function adodb_loadfile()No for the asp filter. Lead adodb_loadfile("conn. asp")so that it can be. The final result? file=conn. ASP. Check out the storm library page's source code, conn. asp file and see the clear picture, the database, the database~~~~~~

Problem found, Supplement about it, is actually very simple, the function adodb_loadfile()deal with what is most perfect. However, the younger brother I never give up with a simple method. The if fname="" then Changed if fname="" or right(fname,3)<>"htm" then It is OK. The reason is very simple, only the htm file in order to be a function of the adodb_loadfile()call. OVER


There is also help. asp this file. Similarly

Estimation procedures there are other files in there call the function adodb_loadfile (), Simply modify the adodb_loadfile()this function. Open inc/function. asp Find: Function ADODB_LoadFile(ByVal File) ... End Function Modified: Function ADODB_LoadFile(ByVal File) If File="htm" then ... End If End Function Such truth, I don't need this brother explains it. Such a change, even if there is a file called adodb_loadfile()function, then, are not the problem. user_help. asp and help. asp are modified. Recommend this method