Online Admissions Application System 2009 upload vulnerability + injection vulnerability - vulnerability warning - the black bar safety net

2009-03-04T00:00:00
ID MYHACK58:62200922390
Type myhack58
Reporter Anonymous
Modified 2009-03-04T00:00:00

Description

Author: hiphop
Article source: http://hi.baidu.com/securehiphop/

Online Admissions Application System 2009 upload vulnerability + injection vulnerability

Today I had a little time, so I downloaded a source package named Online Admissions Application System 2009 to take a look. I found problems in two pages. The first is an upload vulnerability in upload_link.asp. The second is an injection vulnerability in /admin/BM_info.asp.

The second problem, the injection, is in a page in the admin directory: /admin/BM_info.asp

The vulnerability occurs at the beginning of the page:

    BM_id=request("BM_id")   ' BM_id is not filtered properly, so it can be used for SQL injection
    sql="select * from BM_User where BM_id="& BM_id&""
    rs.open sql,conn,1,3

For details, anyone with free time can download the source code and take a look.
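
The BM_id lookup in /admin/BM_info.asp, rewritten with input validation and a parameterized query. This is an added example, not code from the original article or from the application. It assumes conn is the page's already-open ADODB.Connection, that BM_id is a numeric column (the original query leaves it unquoted), and that it runs inside the page's ASP script block.

```vbscript
' Added example (not the application's own code).
' Assumptions: conn is the open ADODB.Connection used by BM_info.asp,
' and BM_id is a numeric column in BM_User.
Const adInteger = 3        ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adOpenKeyset = 1     ' same cursor type as the original "1"
Const adLockOptimistic = 3 ' same lock type as the original "3"

Dim rawId, BM_id, re, cmd, rs

' Coerce to a string; repeated BM_id parameters arrive as "1, 2" and fail below
rawId = Trim(Request("BM_id") & "")

' Allow-list: only 1 to 9 decimal digits, which always fits in a Long
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
BM_id = CLng(rawId)

' The value is bound as a typed parameter and never concatenated into the SQL text
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "select * from BM_User where BM_id = ?"
cmd.Parameters.Append cmd.CreateParameter("BM_id", adInteger, adParamInput, , BM_id)

' Open the recordset from the Command; the connection argument is omitted
' because the Command already carries it
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open cmd, , adOpenKeyset, adLockOptimistic

If rs.EOF Then
    Response.Write "No such record"
Else
    ' Encode database values before writing them into the page
    Response.Write Server.HTMLEncode(rs("BM_id") & "")
End If

rs.Close
Set rs = Nothing
Set cmd = Nothing
```

Because the page sits under /admin/, the same request should also be rejected before this code runs when the session is not an authenticated administrator.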

More serious is the upload problem, which occurs in upload_link.asp.

Searching Google for inurl:upload_link.asp turns up a lot of related sites. I found that some schools have had malicious code planted and are flagged by Google as dangerous sites, so it was already being used earlier.


Whether to capture the request and upload with NC or to upload with a tool depends on personal habit.

A successful submission yields a shell.