Security Wei Bo imitation Taobao multi-user Mall program v7. 2 vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201026396
Type myhack58
Reporter 佚名
Modified 2010-03-11T00:00:00


==Estimation of many a fancy to Taobao guest number of procedures.

A relatively simple system. Program all types of variables are character type, use the Password = replace(request. form("password"),"'","") a similar such statement to filter single quotes, and don't know which bit of large cattle have the breakthrough method,the desired advise on). Although implantation is blocked, but there was conn storm library vulnerability, the file content is as follows: <!--# include file="dbase. asp" - > <% set conn=server. createobject("adodb. Connection") connstr="provider=Microsoft. Jet. OLEDB. 4. 0;Data Source=" & Server. MapPath(DB) 'If the server is old ACCESS, please use the following link 'connstr= "driver={Microsoft Access Driver(*. mdb)};dbq=" & Server. MapPath(DB) conn. Open connstr on error resume next %> <!--# include file="shop. asp" - > Although there are fault-tolerant statements, but the programmer has put him at the end, speechless.。 (Add directory structure, easy for everyone to understand this vulnerability, DB this variable value is"shopmdb#8 5 2. asp", conn. asp is located in the comm directory, and shopmdb#8 5 2. asp this file is in the conn. asp upper-level directory, that is, with the comm regarded as the"same directory level".) Then is the user registration module, still just with the JS locally to verify a bit, the database is of the asp type, not anti-download table, so inserted a word.