Vulnerability author: magic springs [B. S. N.]
Vulnerability source: http://www.hacker.com.cn
Source code download: do it yourself.
Program version: Ka edge talent CMS system V6. 0 2 (I only tested on 6. 0 2; test the old versions yourselves.)
Vulnerability rating: high
Vulnerability description: /API/API_Response.asp
Because the IP is not filtered before it is used in the update operation, an injection vulnerability results. There are quite a few access restrictions, but you can use the following code to test it.
This will update the password to the email.
Analyzing this vulnerability also requires looking at the following code.
    If IsNull(iName) Or iName = "" Or IsNull(iSysKey) Or iSysKey = "" Then
        ' If any of them is empty, end the call
        CheckSysKey = False
        Exit Function
    End If
    If Len(iSysKey) = 32 Then
        ' If the syskey is 32 characters long, take the 16 characters starting at position 9
        iSysKey = Mid(iSysKey, 9, 16)
    End If
    Dim strFRKey, strFRKeyNew
    strFRKey = Md5(iName & API_SysKey, 16)      ' baf588a6ba715854
    strFRKeyNew = Md5(iName & API_SysKey, 16)   ' baf588a6ba715854
    If LCase(iSysKey) = LCase(strFRKey) Or LCase(iSysKey) = LCase(strFRKeyNew) Then
        CheckSysKey = True
    Else
        CheckSysKey = False
    End If
I have only given a rough introduction; as for the exploit code, you can look at the program yourself.
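
The root cause named above is an IP value reaching an update statement unfiltered; the usual correction is to validate the value strictly and bind it as a parameter. The following is an added example in classic ASP/VBScript, not the CMS's own code and not from the original page; the `Users` table, its columns and both function names are hypothetical.

```vbscript
' Added example, not code from the CMS. Table, column and function names are hypothetical.
' Intended to sit inside an ASP include (<% ... %>) with an open ADODB.Connection passed in.
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' Returns True only for a dotted-quad IPv4 address with every octet in 0-255.
Function IsValidIPv4(ByVal s)
    Dim re, parts, i
    IsValidIPv4 = False
    If IsNull(s) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^\d{1,3}(\.\d{1,3}){3}$"
    If Not re.Test(s) Then Exit Function
    parts = Split(s, ".")
    For i = 0 To 3
        If CInt(parts(i)) > 255 Then Exit Function
    Next
    IsValidIPv4 = True
End Function

' Stores the client IP for a user. The value is rejected if it is not an IP address,
' and it is passed as a bound parameter so it is never parsed as SQL text.
Function UpdateLastIP(conn, ByVal userName, ByVal ip)
    Dim cmd, affected
    UpdateLastIP = False
    If Not IsValidIPv4(ip) Then Exit Function   ' reject rather than try to clean the input
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE Users SET LastLoginIP = ? WHERE UserName = ?"
    cmd.Parameters.Append cmd.CreateParameter("@ip", adVarChar, adParamInput, 15, ip)
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarChar, adParamInput, 50, userName)
    cmd.Execute affected, , adExecuteNoRecords
    UpdateLastIP = (affected = 1)
End Function
```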