Amanda enterprise website system cookie injection vulnerability 0day - vulnerability warning - the black bar safety net

2011-04-25T00:00:00
ID MYHACK58:62201130190
Type myhack58
Reporter Anonymous
Modified 2011-04-25T00:00:00

Description

amanda/cg_ProductShow.asp

---------------------------------------------------------------

<%@ LANGUAGE = VBScript.Encode %>
<!--#include file="Inc/SysProduct.asp"-->
<%
ShowSmallClassType=ShowSmallClassType_Article
dim ID
' request("ID") searches QueryString, Form and Cookies in turn
ID=trim(request("ID"))
if ID="" then
    response.Redirect("cg_Product.asp")
end if

' ID is concatenated into the SQL string as-is
sql="select * from cg_Product where ID=" & ID & ""
Set rs= Server.CreateObject("ADODB.Recordset")
rs.open sql,conn,1,3
if rs.bof and rs.eof then
    response.write"<SCRIPT language=JavaScript>alert('can not find this successful case!');"
    response.write"javascript:history.go(-1)</SCRIPT>"
else
    rs("Hits")=rs("Hits")+1
    rs.update
%>

------------------------------------------------------------

Only GET and POST input is filtered, so cookie injection is present and can be reached through an injection transit (relay) page.

amanda/cg_ProductShow.asp

http://localhost/jmCook.asp?jmdcw=169%20and%201=1