Easy and sun Shopping Mall v1. 4Cookies injection vulnerability This injection vulnerability seems to occur in the Home Shopping system. Looks like the network fun. The problem occurs in getpwd4. asp page. See the code:
System added anti-injection, get and post for the time being do not say, would give us the username for Cookie injection. In the tools on the wandering around time also found this problem. To borrow a paragraph: Because the program idea is to want to accept from the previous Set Password Form files submitted over the variables, but here we can not give it to submitted form variables, but allow it to accept our cookie set, the passwd is to use the request. from to accept, so we use the form to submit.
<form method="post" action="http://localhost/getpwd4.asp" > <!-- The following 1 2 3 4 5 6 to change the new password--> <input name="passwd" type="text" id="receipt" size="1 2" value="1 2 3 4 5 6"> <input class=go-wenbenkuang type="submit" value=" set password " name="submit"> </form>
>5 5 return an error, indicating the password of the first bit of the ASCII 5 5 i.e., the number 7, and so on,
But this hand guess the solution is too slow, then you can use the tool, but the premise also to generate a dedicated page. To Pangolin, he the character type of injection is better. Manually add a table name BJX_admin
Google for: inurl:product. asp? Iheeoid= This article from the San ㄗ Feng 訫 locks of love’S Blog http://www.virusest.com/