Ning Chi website management system: backend without access verification, vulnerability and fix - Vulnerability Warning - the black bar safety net

ID MYHACK58:62201131256
Type myhack58
Reporter Anonymous
Modified 2011-07-16T00:00:00


by Mr. DzY


I searched online a bit, and it seems this has not been published before. Any resemblance is purely coincidental!

Official website

School Site Management System, version V2011

Other versions (such as the government edition, etc.) can be downloaded yourself.

Vulnerability description: none of the backend files perform any access verification... quite speechless... and quite a lot of people use it, too. Sweat~~~

The login.asp code is as follows:

<% Response.Write "<script language=javascript>alert('login success! Please carefully operation! Thank you!');this.location.href='manage.asp';</script>" %>

I will not post the manage.asp code. Anyway, it doesn't verify anything.

Just accessing the login page gives a successful login..... Ass~~~ I have to say I don't understand this myself!


Direct access to http://www.0855.tv/admin/manage.asp

Database operations: http://www.0855.tv/admin/manage_web.asp?txt=5&id=web5
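
One way to audit a deployment for the flaw described above, as an added example that is not part of the original advisory or the vendor's code: the script flags `.asp` files with no access check, files that act before the check runs, and a login page that never reads credentials. The guard-include naming pattern, the `Session(...)` heuristic and the sample sources are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristic markers (assumptions, tune per code base): a guard is an include whose
# name suggests an auth check, or an If statement that tests Session(...).
GUARD = re.compile(
    r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]*(?:check|auth|guard)[^"]*"\s*-->'
    r'|\bIf\b[^\n]*\bSession\s*\(', re.I)
# Output or database activity that must not happen before the guard has run.
ACTION = re.compile(r'Response\s*\.\s*Write|<%=|<html|\.Execute\b|\.Open\b', re.I)
CRED_READ = re.compile(r'Request\s*(?:\.\s*Form)?\s*\(', re.I)

def audit_file(path, public=("login.asp",)):
    """Return a finding for one .asp file, or None if it looks guarded."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    if Path(path).name.lower() in public:
        # Anyone can reach the login page, so it must at least read credentials.
        return None if CRED_READ.search(text) else "login page never reads credentials"
    guard = GUARD.search(text)
    if guard is None:
        return "no access check"
    action = ACTION.search(text)
    if action and action.start() < guard.start():
        return "acts before access check"
    return None

def audit_tree(root):
    """Map relative path -> finding for every flagged .asp file under root."""
    root = Path(root)
    found = {p.relative_to(root).as_posix(): audit_file(p) for p in sorted(root.rglob("*.asp"))}
    return {name: why for name, why in found.items() if why}

def demo():
    """Audit a constructed admin directory modelled on the files named above."""
    guard = '<% If Session("admin") <> "yes" Then Response.Redirect "login.asp" %>\n'
    samples = {  # constructed sample sources, not the product's real files
        "login.asp": '<% Response.Write "<script>alert(\'login success!\');</script>" %>',
        "manage.asp": '<% Response.Write "admin menu" %>',
        "manage_web.asp": '<!--#include file="check_login.asp"-->\n<% conn.Execute(sql) %>',
        "late.asp": '<% Response.Write "x" %>\n' + guard,
        "check_login.asp": guard,
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, src in samples.items():
            (Path(tmp) / name).write_text(src, encoding="utf-8")
        return audit_tree(tmp)

if __name__ == "__main__":
    print(demo())
```

A clean result only means each file contains a guard before its first action; whether the login page actually verifies the credentials it reads still needs manual review.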