Crown Dragon technology corporate website through the kill vulnerability-vulnerability warning-the black bar safety net

2011-05-10T00:00:00
ID MYHACK58:62201130411
Type myhack58
Reporter 佚名
Modified 2011-05-10T00:00:00

Description

Whether it is the crown Dragon technology the 2 0 0 9 or Ultimate Edition, or latest V9. 2 There are Cookies injection,

The following is the productshow. the asp part of the code

ShowSmallClassType=ShowSmallClassType_Article dim ID ID=trim(request("ID")) if ID="" then response. Redirect("Product. asp") end if

sql="select * from glProduct where ID=" & ID & "" Set rs= Server. CreateObject("ADODB. Recordset") rs. open sql,conn,1,3

Obviously, in shownews. the asp page also exists a similar vulnerability, although the addition of the anti-injection system, but are aware of the General anti-injection system filter only post and get2 way, the Cookies way is simply not the tube, it is easy to inject

Said the following under use, you can try to download the default database address: Databases/%23Database. mdb

Google: format 0 5 7 1-8 5 6 3 5 8 1 0 default the background: admin/login. asp