Water-like moonlight Dating system 2010 injection vulnerability - vulnerability warning - the black bar safety net

2010-04-22T00:00:00
ID MYHACK58:62201026778
Type myhack58
Reporter Anonymous
Modified 2010-04-22T00:00:00

Description

The vulnerable code is in the program's getpass.asp file:

    if request.QueryString("action")="rsend" then
        ' The validation branches below only write an alert; execution continues afterwards.
        if request("uname")="" or request("uemail")="" then
            response.Write("<script>alert('please input login user name and registered e-mail address');history.back();</script>")
        end if
        if request("upass1")="" or request("upass2")="" then
            response.Write("<script>alert('please enter the password or confirm password');history.back();</script>")
        end if
        if request("upass1")<>request("upass2") then
            response.Write("<script>alert('please enter the password or 2nd password!'); history.back();</script>")
        end if
        uname=trim(request("uname"))
        useremail=trim(request("uemail"))
        set rs=server.CreateObject("adodb.recordset")
        ' uname and useremail are concatenated into the SQL text unescaped (the injection point).
        rs.open "select * from f_user where u_name='"&uname&"' and u_email='"&useremail&"'",conn,1,1
        if rs.eof and rs.bof then
            response.Write("<script>alert('no such account or e-mail address is incorrect');history.back();</script>")
            rs.close
            set rs=nothing
        else
            set rs=server.CreateObject("adodb.recordset")
            ' Second concatenated query, opened for update to overwrite the stored password.
            rs.open "select * from f_user where u_name='"&uname&"'",conn,1,3
            rs("u_pass")=md5(trim(request("upass1")),16)
            rs.update
            rs.close
            set rs=nothing
            response.Write "<script language=javascript>alert('modify the new password success! of! Please click OK');location.href='login.asp'</script>"
        end if
    end if
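Both queries in getpass.asp build their SQL by concatenating request values. The same handler with bound parameters, as an added example that is not the vendor's code: `conn` and `md5()` are taken from the page, while the helpers `NewCmd`, `AddText` and `Fail` and the 255-character width are assumptions made here.

```vbscript
<%
' Added example: getpass.asp lookup and update rewritten with bound parameters.
' Assumes conn is the open ADODB.Connection and md5() the helper used on the page.
Const adVarChar = 200, adParamInput = 1
Const adCmdText = 1, adExecuteNoRecords = 128
Function NewCmd(sql)            ' hypothetical helper
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    Set NewCmd = c
End Function
Sub AddText(c, name, value)     ' hypothetical helper
    ' 255 is an assumed maximum column width; match it to the real schema.
    c.Parameters.Append c.CreateParameter(name, adVarChar, adParamInput, 255, value)
End Sub
Sub Fail(msg)                   ' hypothetical helper
    Response.Write "<script>alert('" & msg & "');history.back();</script>"
    Response.End   ' stop here so a failed check never reaches the database
End Sub

If Request.QueryString("action") = "rsend" Then
    Dim uname, useremail, upass1, cmd, rs
    uname = Trim(Request("uname"))
    useremail = Trim(Request("uemail"))
    upass1 = Trim(Request("upass1"))
    If uname = "" Or useremail = "" Then Fail "please input login user name and registered e-mail address"
    If upass1 = "" Or upass1 <> Trim(Request("upass2")) Then Fail "please enter matching passwords"

    ' Values travel as parameters, so quotes in them cannot change the SQL text.
    Set cmd = NewCmd("select u_name from f_user where u_name=? and u_email=?")
    AddText cmd, "uname", uname
    AddText cmd, "uemail", useremail
    Set rs = cmd.Execute
    If rs.EOF Then
        rs.Close
        Fail "no such account or e-mail address is incorrect"
    End If
    rs.Close

    Set cmd = NewCmd("update f_user set u_pass=? where u_name=? and u_email=?")
    AddText cmd, "upass", md5(upass1, 16)
    AddText cmd, "uname", uname
    AddText cmd, "uemail", useremail
    cmd.Execute , , adCmdText Or adExecuteNoRecords
    Response.Write "<script>alert('password changed');location.href='login.asp'</script>"
End If
%>
```

The `md5(..., 16)` call is kept only so stored values stay compatible with the application's login check; the example changes how the queries are built, not how passwords are stored.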

This is obviously an injection vulnerability, but it has to be worked by guessing by hand. On the front end I did not find anything else you can use. Now look at the back end.

Look at the back-end verification file admin_check.asp:

    <%
    if session("f_admin")="" then
        response.Redirect("login.asp")
        response.End()
    end if
    %>

A very obvious loophole, but of little practical value.

I made this purely out of boredom; I hope you will forgive me.