News website Management System CMS v4. 0 the following version of the vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201130594
Type myhack58
Reporter 佚名
Modified 2011-05-24T00:00:00



I recently saw many blog friends called me prone to such vulnerabilities article, I today in an article, I'm in the webmaster's home found the non-reception of the program, so I'm down under take a look at this program how safe, and this program download to people more, in the webmasters home download the amount up to”hearing when the website Management System CMS download address(has been downloaded 7 1 2 1 6) “I in the http://down. chinaz. com/soft/1 4 5 2 3. htm download this program, in the webmaster's home this app is the latest, because there is no front Desk, so I jump directly to the admin website background directory watching code, which sets procedures in the security or may be, just may be the programmer negligence so there is a problem, we take a look in the admin directory under the admin_conn. asp file, this file code is very simple just a few words, we view the source code

<% mdb="../" %>

Simple enough right, but maybe it's because of programmers carelessness, so there are issues. this is a database link to the file, but because this file is not fault-tolerant statement, so the resulting storm database vulnerabilities the following is my present address http://localhost/news/admin/admin_conn.asp we put the last“/”into“%5c”then, ha ha, the storm library database address pull, everyone to see the screenshot

And this system there is no database of anti-downloading measures, the database can be easily download

This vulnerability repair method is very simple, just add the proofing statement

”ON ERROR RESUME NEXT“this sentence!!!!

This vulnerability should be the programmer's negligence, in the root directory also has a admin_conn. asp file, this file the programmer adds error protection statement,

This vulnerabilities great harm, please don't take this program used to do bad things!!!

This program should be there are other negligence of vulnerability, but I now these days not so time to look at the source code, I had some time I will see,

Please join in Oh!!!!!!!

I would like to declare, I go to the official to see a bit of, the program the latest version is 3. 9 This version also does not fix this vulnerability, so that the vulnerabilities pass to kill all versions

Also, because write articles reason, I put this program to the database extension, modified a bit, into the MDB, the program turned out to be the asp extension, but this vulnerability still exists, because some webmasters nothing security awareness, but in order to coat the convenience, the extension into the mdb after modifying the database, not the database filename to restore, so this vulnerability can take full advantage of, sin.!!!!!