WanHu ezEIP 2. 0 injection vulnerability 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62201131041
Type myhack58
Reporter 佚名
Modified 2011-06-26T00:00:00


System name: WanHu ezEIP

System version: 2.0

Vulnerability found by: Akast [N. S. T]

Security team: Neuron Security Team

Vulnerability type: SQL injection

Vulnerability file:/caseinfo. asp

Vulnerability variable: Newid=1&cid=1

Software type: business software

Development company: Guangzhou million network Technology Co., Ltd.

Vulnerability Description: You can use the injection vulnerability to get the site administrator permissions, so you can login to the website admin back-end/system/Login. aspx, and can obtain the webshell permissions.

Vulnerability scope: the use of WanHu ezEIP 2.0 website, there may be dangers! of!!

Patch download: official not released the patch.