Fragile shangdu v1. 0 1 Press system-vulnerability warning-the black bar safety net

2007-10-16T00:00:00
ID MYHACK58:62200717265
Type myhack58
Reporter 佚名
Modified 2007-10-16T00:00:00

Description

Last weekend at the forum saw a friend made a penetration shangdu official station of the post, the points go see a bit of the original is one of the official demo station of penetration. Penetration of the condition is the default password into the background, and then use the program whole and of eWebEditor to take a webshell on! And he said even if there is no default password you can also use the default eWebEditor for invasion.. But if all that is not the default? I think a little experience of the administrator necessarily will change these dangerous places! Then is not this program you have no vulnerabilities? I with questions download this program 1. 0 1 version. Here we see the outer is the appearance of the program inside of the original is how fragile it!

First look at the conn. asp <% db_path = "date/shangdu. mdb" Set conn= Server. CreateObject("ADODB. Connection") connstr = "Provider=Microsoft. Jet. OLEDB. 4. 0;Data Source="&Server. MapPath(db_path) conn. Open connstr %>

Everyone to see. The standard is not fault-tolerant statements. Proof Library of.. screen. width0.7) {this. resized=true; this. width=screen. width0.7; this. style. cursor='hand'; this. alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" alt="Click here to open new window CTRL+Mouse wheel to zoom in/out" src="/Article/UploadPic/2007-6/20076391722255.jpg" width=7 1 6 border=0 resized="true">

In the go database to see if the anti download. screen. width0.7) {this. resized=true; this. width=screen. width0.7; this. style. cursor='hand'; this. alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" alt="" src="/Article/UploadPic/2007-6/20076391723247.jpg" border=0>.

There is no anti-download. in. And the password is the clear text display(don't know why in the database to display the plaintext of the password is...), the screen. width0.7) {this. resized=true; this. width=screen. width0.7; this. style. cursor='hand'; this. alt='Click here to open new window\nCTRL+Mouse wheel to zoom in/out';}" alt="" src="/Article/UploadPic/2007-6/20076391723382.jpg" border=0>

See here I think there is no need to see anything.. Blast database and download the database you can easily into the background. In the use of eWebEditor to get the shell is not what difficult! To be honest this is a set of routines in addition to look good than safety is a 0。。。。 Also don't know the author is how to think!

ps:posting the time to find a forum that says v0. 2. I This is students help. That is v1. 0 1. I ran to take the official look has been updated into the 1. 0 2. The estimate is found 1. 0 1 There is a problem.