G & Jan article system of 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62200925114
Type myhack58
Reporter 佚名
Modified 2009-10-25T00:00:00


G & Jan article system 0. 9. 6 presenceSQl injectionvulnerability

This system overall security to do good, whether it is from post, get or Cookies, etc. are filtered good, but in the ads. asp there is a little small problem, look at the code

getprice=request. querystring("priceid")

if Chkrequest(getprice) then if getprice="" or Not Isnumeric(getprice) then getprice=1 end if end if hangnum=1 lienum=1

The priceid is assigned the value of getprice, getprice do a series of filtering and judgment, but the priceid of the value of the unsolicited, I rummaged through the entire document did not find the priceid value of the process, so that we can construct their own one priceid value, due to the priceid is not the process, also there are security risks.

This address to the bright kid or. D on the line, note the column name you want to manually add the administrator account to A_user, password for A_pass)

Finally, the use of the method;

Google:Power By JYcms! Or inurl:Skill/Info. asp? infoid etc.

Default background:Manage/admin_login. asp

Into the background to get the Shell is not much to say. The vulnerability has informed the official, there are currently no patches