Kingtop content management software injection vulnerability and fix (vulnerability warning)

ID MYHACK58:62201131027
Type myhack58
Reporter Anonymous
Modified 2011-06-25T00:00:00


Vulnerability author: akast

Brief description of the vulnerability:

Vulnerable file: /news/index.aspx

Vulnerable variable: MenuID

Software type: business software

Vulnerability description: The injection vulnerability can be used to obtain site administrator privileges, which allows logging in to the website admin back end at webmanage/Login.aspx and obtaining webshell access.

Vulnerability scope: all websites that use the Kingtop content management software are potentially at risk.

Proof of vulnerability:

Solution: Patch download: the vendor has not released a patch. Temporary workaround: filter the input to the MenuID variable on the index.aspx page.
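
One way to apply the temporary workaround without touching the vendor's page code is an ASP.NET HTTP module that rejects any request to /news/index.aspx whose MenuID is not a plain number. This is an added example, not code from the advisory or from Kingtop; the class name `MenuIdFilterModule` is hypothetical, and it assumes MenuID is a numeric menu identifier, which the advisory does not state.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Web;

// Added example: temporary input filter for the MenuID variable.
// Assumption: MenuID is a numeric identifier (not confirmed by the advisory).
public class MenuIdFilterModule : IHttpModule
{
    // Allowlist: 1 to 9 ASCII digits, so the value always fits in an Int32.
    private static readonly Regex Digits =
        new Regex(@"\A[0-9]{1,9}\z", RegexOptions.CultureInvariant);

    public void Init(HttpApplication app)
    {
        app.BeginRequest += OnBeginRequest;
    }

    private static void OnBeginRequest(object sender, EventArgs e)
    {
        HttpContext ctx = ((HttpApplication)sender).Context;
        HttpRequest req = ctx.Request;

        // FilePath excludes trailing path info, so /news/index.aspx/x is still matched.
        if (!req.FilePath.EndsWith("/news/index.aspx", StringComparison.OrdinalIgnoreCase))
            return;

        // The page may read MenuID from the query string, the form body or a cookie.
        HttpCookie cookie = req.Cookies["MenuID"];
        bool bad = IsBad(req.QueryString.GetValues("MenuID"))
                || IsBad(req.Form.GetValues("MenuID"))
                || (cookie != null && !Digits.IsMatch(cookie.Value ?? ""));

        if (bad)
        {
            // Reject before the vulnerable page runs.
            ctx.Response.StatusCode = 400;
            ctx.Response.SuppressContent = true;
            ctx.ApplicationInstance.CompleteRequest();
        }
    }

    private static bool IsBad(string[] values)
    {
        if (values == null) return false;     // parameter absent from this source
        if (values.Length != 1) return true;  // repeated parameter: reject
        return !Digits.IsMatch(values[0]);
    }

    public void Dispose() { }
}
```

The module takes effect once it is registered in the site's web.config (under `httpModules`, or `system.webServer/modules` in IIS integrated mode). It only narrows what reaches the page; the query in index.aspx remains injectable until the vendor ships a fix.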