Ka edge talent cms injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62200925254
Type myhack58
Reporter 佚名
Modified 2009-11-10T00:00:00


Vulnerability author: magic springs[B. S. N.] Vulnerability source: http://www.hacker.com.cn Source code download: do it yourself clothed in. Program version: Ka edge talent CMS system V6. 0 2(I only tested on a 6. 0 2, The old version we test it.) Vulnerability rating: high Vulnerability description: /API/API_Response. asp

Since the ip didn't do the filter for the update operation causes the injection vulnerability. If access restrictions are more. But you can use the following code to the test.

This will update the password to the email.

The analysis of this vulnerability also need to the following code analysis.

If IsNull(iName) Or iName = "" Or IsNull(iSysKey) Or iSysKey = "" Then 'if all are empty then the end of the call CheckSysKey = False Exit Function End If If Len(iSysKey) = 3 2 Then 'if the syskey length is 3 2 you get 9-1 6-bit iSysKey = Mid(iSysKey, 9, 1 6) End If Dim strFRKey, strFRKeyNew strFRKey = Md5(iName&API_SysKey,1 6) 'baf588a6ba715854 strFRKeyNew = Md5(iName&API_SysKey,1 6) 'baf588a6ba715854 If LCase(iSysKey) = LCase(strFRKey) Or LCase(iSysKey) = LCase(strFRKeyNew) Then CheckSysKey = True Else CheckSysKey = False End If

I only introduced probably, to the exploit code to, and you can see for yourself his program.