G & Jan article system 0. 9. 6 presenceSQl injectionvulnerability
This system overall security to do good, whether it is from post, get or Cookies, etc. are filtered good, but in the ads. asp there is a little small problem, look at the code
if Chkrequest(getprice) then if getprice="" or Not Isnumeric(getprice) then getprice=1 end if end if hangnum=1 lienum=1
The priceid is assigned the value of getprice, getprice do a series of filtering and judgment, but the priceid of the value of the unsolicited, I rummaged through the entire document did not find the priceid value of the process, so that we can construct their own one priceid value, due to the priceid is not the process, also there are security risks.
This address to the bright kid or. D on the line, note the column name you want to manually add the administrator account to A_user, password for A_pass）
Finally, the use of the method;
Google:Power By JYcms! Or inurl:Skill/Info. asp? infoid etc.
Default background:Manage/admin_login. asp
Into the background to get the Shell is not much to say. The vulnerability has informed the official, there are currently no patches