Wind God News Management static version 1.7 vulnerabilities

ID MYHACK58:62201128959
Type myhack58
Reporter Anonymous
Modified 2011-01-28T00:00:00


Publishing author: LinkEr

Affected versions: V1.7 static version

Official website:<>

Vulnerability type: design flaw

Vulnerability description: Multiple vulnerabilities exist in Wind God News Management static version 1.7.


The admin back-end authentication file is wwwroot/admin/islogin.asp:

====================================================================================
<%
if session("admin")="" then
response.Write("<br><br><div align='center'>you are not logged in or the operation times out, please<a href=login.asp target=_top>login</a>.</div>")
response.End()
end if
if instr(request.servervariables("http_referer"),"http://"&request.servervariables("http_host"))<1 then
response.write "<br><br><div align='center'>to prohibit external access from the admin backend</div>"
response.End()
end if
%>

====================================================================================
It uses session authentication, which the client cannot spoof, so the vulnerabilities have nothing to do with the verification file itself.


1.1 wwwroot/admin/list.asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="admin_conn.asp"--> //note: does not include islogin.asp
<html>
<head>
<LINK href="admin_Css.css" type=text/css rel=stylesheet>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>modify the information list</title>
<style type="text/css">
<!--
.STYLE1 { font-size: 14px; color: #0000FF; font-weight: bold; }
-->
</style>
</head>
<body>
<div align="center">
<p><br> <span class="STYLE1">admin home</span></p>
<table class="table_back" width="567" border="0" cellspacing="1" cellpadding="0">
<tr> <td colspan="2"><div align="center" class="table_title">Server parameters</div></td> </tr>
<tr> <td width="115" class="table_td2"><div align="left"> server name</div> <div align="center"></div></td> <td width="449" class="table_td2"> <%=Request.ServerVariables("SERVER_NAME")%></td> </tr>
<tr> <td class="table_td2"> server IP</td> <td class="table_td2"> <%=Request.ServerVariables("LOCAL_ADDR")%></td> </tr>
<tr> <td class="table_td2"> server port</td> <td class="table_td2"> <%=Request.ServerVariables("SERVER_PORT")%></td> </tr>
<tr> <td class="table_td2"> server time</td> <td class="table_td2"> <%=now%></td> </tr>
<tr> <td class="table_td2"> IIS version</td> <td class="table_td2"> <%=Request.ServerVariables("SERVER_SOFTWARE")%></td> </tr>
<tr> <td class="table_td2"> script timeout</td> <td class="table_td2"> <%=Server.ScriptTimeout%> seconds</td> </tr>
<tr> <td class="table_td2"> number of server CPUs</td> <td class="table_td2"> <%=Request.ServerVariables("NUMBER_OF_PROCESSORS")%></td> </tr>
<tr> <td class="table_td2"> server script engine</td> <td class="table_td2"> <%=ScriptEngine & "/" & ScriptEngineMajorVersion & "." & ScriptEngineMinorVersion & "." & ScriptEngineBuildVersion %></td> </tr>
<tr> <td class="table_td2"> server operating system</td> <td class="table_td2"> <%=Request.ServerVariables("OS")%></td> </tr>
<tr> <td class="table_td2"> FSO read and write</td>
//irrelevant code omitted
==================================================================================

1.2 wwwroot/admin/dir.asp

<!--#include file="dir.inc.asp"--> //for the content of dir.inc.asp see #1.3
<meta HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=gb2312"> //note: does not include islogin.asp
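
The flaw noted in 1.1 and 1.2 is an admin page that never includes islogin.asp. As an added example (not part of the original advisory or the product's code), this Python audit lists the .asp pages in an admin directory that do not pull in the guard file either directly or through nested includes; the function names, the login.asp exemption and the sample tree in demo() are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches classic ASP server-side includes: <!--#include file="x.asp"-->
INCLUDE_RE = re.compile(r'<!--\s*#\s*include\s+(file|virtual)\s*=\s*"([^"]+)"\s*-->', re.I)

def includes_guard(path, guard, root, seen=None):
    """True if `path` includes `guard` directly or through nested includes.
    file= targets resolve against the including file, virtual= against `root`."""
    seen = set() if seen is None else seen
    path = path.resolve()
    if path in seen or not path.is_file():
        return False
    seen.add(path)
    text = path.read_text(encoding="gb2312", errors="replace")
    for kind, target in INCLUDE_RE.findall(text):
        base = root if kind.lower() == "virtual" else path.parent
        child = (base / target.replace("\\", "/").lstrip("/")).resolve()
        if child.name.lower() == guard.lower() or includes_guard(child, guard, root, seen):
            return True
    return False

def unguarded_pages(admin_dir, root, guard="islogin.asp", public=("login.asp",)):
    """Return sorted names of .asp pages in admin_dir that never pull in the guard."""
    skip = {guard.lower(), *(p.lower() for p in public)}
    return sorted(
        p.name for p in Path(admin_dir).glob("*.asp")
        if p.name.lower() not in skip and not includes_guard(p, guard, Path(root))
    )

def demo():
    """Constructed sample tree (not the product's real files) run through the audit."""
    with tempfile.TemporaryDirectory() as tmp:
        admin = Path(tmp) / "admin"
        admin.mkdir()
        files = {
            "islogin.asp": '<% if session("admin")="" then response.End() %>',
            "login.asp": "<form></form>",
            "admin_conn.asp": "<% ' db connection %>",
            "list.asp": '<!--#include file="admin_conn.asp"-->',
            "dir.inc.asp": "<% ' helpers %>",
            "dir.asp": '<!--#include file="dir.inc.asp"-->',
            "edit.asp": '<!--# include file="islogin.asp" -->',
            "del.asp": '<!--#include file="common.asp"-->',
            "common.asp": '<!--#include virtual="/admin/islogin.asp"-->',
        }
        for name, body in files.items():
            (admin / name).write_text(body, encoding="gb2312")
        return unguarded_pages(admin, tmp)
```

Against a real source tree, call unguarded_pages("wwwroot/admin", "wwwroot"); include-only files such as admin_conn.asp are reported as well, because IIS serves them when they are requested directly.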
