PJBLOG photo album plug-in has a serious vulnerability

ID MYHACK58:62200715625
Type myhack58
Reporter Anonymous
Modified 2007-05-28T00:00:00


Continue the Halo one! I wanted to get hold of a PJ album plug-in to play with and did not expect that, once it was uploaded, I would find a vulnerability.

The vulnerability details are listed below.


Software name: PJBLOG album plug-in V2.0 Wizard full version

Vulnerability file: data.asp

Default path: http://your BLOG address/plugins/album/data.asp

Vulnerability Description: The data.asp file is the album's database file. The file itself is not filtered well and uses no effective safeguards: if you open http://your BLOG address/plugins/album/data.asp directly, you will find that the file is completely exposed. What you see is a bunch of gibberish, but its value to an attacker is that it can be used to connect an ASP Trojan and break into BLOGs that use this program.

I will not describe the method of use here, because that would lead to a large number of BLOGs that use the photo album being invaded.

There is currently no official patch file for this vulnerability.
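
A site owner running this plug-in can check the web server logs for requests to the exposed database file. The script below is an added example, not part of the original advisory: it assumes IIS W3C extended logs, the log lines are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Path from the advisory; compared in lower case because IIS paths are case-insensitive.
TARGET = "/plugins/album/data.asp"

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-05-29 08:01:12 192.0.2.10 GET /default.asp - 200
2007-05-29 08:03:40 198.51.100.7 GET /plugins/album/data.asp - 200
2007-05-29 08:03:55 198.51.100.7 POST /Plugins/Album/Data.asp - 200
2007-05-29 08:09:02 203.0.113.5 GET /plugins/album/data.asp - 404
2007-05-29 08:10:30 192.0.2.10 GET /plugins/album/default.asp id=3 200
"""

def find_hits(log_text, target=TARGET):
    """Return one dict per request for the target path, using the #Fields header."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # skip malformed or truncated rows
        row = dict(zip(fields, parts))
        if row.get("cs-uri-stem", "").lower() == target:
            hits.append(row)
    return hits

def summarize(hits):
    """Group hits by client IP: 'served' counts 2xx responses, 'posts' counts POSTs."""
    out = defaultdict(lambda: {"served": 0, "posts": 0, "total": 0})
    for h in hits:
        s = out[h["c-ip"]]
        s["total"] += 1
        s["served"] += h.get("sc-status", "").startswith("2")
        s["posts"] += h.get("cs-method", "").upper() == "POST"
    return dict(out)

if __name__ == "__main__":
    for ip, s in sorted(summarize(find_hits(SAMPLE_LOG)).items()):
        print(ip, s)
```

Any served request for a database file is unexpected in normal browsing, so every client that appears in the summary is worth reviewing.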