Qcms1. 0 vulnerability analysis-vulnerability warning-the black bar safety net

2009-03-25T00:00:00
ID MYHACK58:62200922644
Type myhack58
Reporter 佚名
Modified 2009-03-25T00:00:00

Description

The vulnerabilities are as follows: 1. Can download database. 2. Injection: The background of the login file

See the Login. asp(landing determination processing) The code is as follows: admin_name=trim(request. Form("admin_name")) admin_password=trim(request. Form("admin_password")) admin_password=md5(admin_password) if admin_name="" then session("admin_name")="" %> <SCRIPT LANGUAGE=vbscript> <!-- msgbox("please enter username!") window. self. location. href="admin_login. asp" --> </SCRIPT> <% else if admin_password="" then session("admin_name")="" %> <SCRIPT LANGUAGE=vbscript> <!-- msgbox("please enter password!") window. self. location. href="admin_login. asp" --> </SCRIPT> <% else sql="select * from admin where admin_name='"&amp; admin_name&"' and admin_password='"&amp; admin_password&"'" Obviously, the legend of the Universal password, to reproduce the world.

Upload vulnerability. Didn't make any judgment, also not. Useless permission judgment. The code does not give everyone on your own. Background a Plugin: fckeditor There are also upload vulnerability, online there, you see for yourself.

Storm Gallery: The code is as follows: <% set conn=server. createobject("adodb. connection") conn. open "driver={microsoft access driver (*. mdb)};dbq="&server. mappath("/db. mdb") %> No any treatment

This version and My to authors submit a vulnerability of the version difference! This version of the useless anti-injection.

On this few, simple, but very deadly.

Behind this a few versions, I the author presented a lot of vulnerability, basic repair, so just pick any punches, for everyone talking about this version.