Small vulnerability in the CCTV website - Vulnerability warning - The Black Bar Safety Net

ID MYHACK58:6220069590
Type myhack58
Reporter Anonymous
Modified 2006-06-06T00:00:00


A small vulnerability in Happy Dictionary on the CCTV website. First, look at the home page, http://www.cctv.com/program/happygame, and go to member registration. Choose to register as a Premium member and go to the next step. I don't need to teach this part. Then look at what comes next. Do you see something familiar? I won't spell out the rest: remove the local (client-side) validation code, modify the submission address, and then look at the following figure.

But where do you find the address of the photo? Look at the home page again, go to modify the registration information, and take a look inside. See the red X? Look at the picture's properties. You have found the address, but don't get too excited: CCTV is still CCTV. Take a look at this address. There is an error, so look at the source code. Annoyingly, the source code has not been executed. My guess is that the file is stored in the database and read back out. Frustrating? CCTV is still CCTV. I leave this problem to the experts; whoever can solve it, please share it with everyone.

However, if the file contains JavaScript code, it will certainly be executed.
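
The write-up depends on upload validation that runs only in the browser, and its closing remark concerns a stored file being interpreted as script when it is served back. As an added example (not code from the original page or from the site), here is a server-side check in Python covering both points; the function names, size limit and header set are assumptions.

```python
# Added example: server-side handling of an uploaded member photo.
# All names and limits here are hypothetical, not taken from the site.

# Leading byte signatures for the image types the endpoint accepts.
SIGNATURES = {
    "image/jpeg": (b"\xff\xd8\xff",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/gif": (b"GIF87a", b"GIF89a"),
}

def sniff_image_type(data: bytes):
    """Return the MIME type implied by the leading bytes, or None."""
    for mime, prefixes in SIGNATURES.items():
        if data.startswith(prefixes):
            return mime
    return None

def accept_upload(claimed_type: str, data: bytes, max_bytes: int = 512 * 1024):
    """Decide on the server whether to store the upload.

    claimed_type comes from the request and is attacker-controlled,
    so it is only compared against the content, never trusted.
    Returns (accepted, stored_type, reason).
    """
    if not data or len(data) > max_bytes:
        return (False, None, "bad size")
    actual = sniff_image_type(data)
    if actual is None:
        return (False, None, "not a recognised image")
    if claimed_type != actual:
        return (False, None, "declared type does not match content")
    return (True, actual, "ok")

def response_headers(stored_type: str) -> dict:
    """Headers for serving a stored photo back out of the database."""
    return {
        "Content-Type": stored_type,          # type recorded at upload time
        "X-Content-Type-Options": "nosniff",  # no re-interpretation as HTML
        "Content-Disposition": 'inline; filename="photo"',
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }

# Constructed sample inputs.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
SCRIPT_SAMPLE = b"<html><script>/* constructed */</script></html>"
```

A signature check alone does not catch a file that begins with a valid image header and carries markup further in, which is why the serving headers are part of the same control.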