Ning Chi website management system: admin backend without access verification, vulnerability and fix

2011-07-16T00:00:00
ID MYHACK58:62201131256
Type myhack58
Reporter Anonymous
Modified 2011-07-16T00:00:00

Description

by Mr. DzY

from www.0855.tv

I searched online a bit, and it seems this has not been released yet. Any resemblance is purely coincidental!

Official website: www.ningzhi.net

School Site Management System V2011 version

http://down.chinaz.com/soft/29943.htm

Other versions (such as government, etc.): download them yourself.

Vulnerability description: it turns out that none of the backend files have any access verification... quite speechless... and many people use it, too. Sweat~~~

The login.asp code is as follows:

<% Response.Write "<script language=javascript>alert('login success! Please carefully operation! Thank you!'); this.location.href='manage.asp';</script>" %>

I will not post the manage.asp code. Anyway, it didn't verify.

Just accessing the login page counts as a successful login..... Ass~~~ I myself do not understand this!

Exploit:

Direct access to http://www.0855.tv/admin/manage.asp

Database operations: http://www.0855.tv/admin/manage_web.asp?txt=5&id=web5
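An added example, not part of the original advisory or the vendor's code: a small Python audit that a site owner can run over a copy of the admin directory to list pages with no access check and to confirm that the login page reads input before granting a session. The guard file name check_admin.asp, every sample file except the login.asp body, and the regex heuristics are assumptions; an include match only shows the guard is referenced, not that the guard itself is correct.

```python
import re

ASP_BLOCK = re.compile(r"<%(.*?)%>", re.S)
VB_COMMENT = re.compile(r"^\s*(?:'|rem\b).*$", re.I | re.M)
SESSION_TEST = re.compile(r"\bif\b[^\n]*\bsession\s*\(", re.I)
SESSION_SET = re.compile(r"(?:^|\bthen)\s*session\s*\([^)]*\)\s*=", re.I | re.M)
READS_INPUT = re.compile(r"\brequest\b", re.I)

def server_code(source):
    """Join the <% %> blocks, dropping VBScript comment lines."""
    return "\n".join(VB_COMMENT.sub("", b) for b in ASP_BLOCK.findall(source))

def has_access_check(source, guard="check_admin.asp"):
    """True if the page includes the (hypothetical) guard file or tests Session."""
    include = re.search(r'<!--\s*#include\s+(?:file|virtual)\s*=\s*"[^"]*'
                        + re.escape(guard) + r'"\s*-->', source, re.I)
    return bool(include or SESSION_TEST.search(server_code(source)))

def login_verifies(source):
    """True only if the login page reads request input and sets a Session value."""
    code = server_code(source)
    return bool(READS_INPUT.search(code) and SESSION_SET.search(code))

def audit(files, public=("login.asp",)):
    """Return the sorted .asp pages that serve content with no access check."""
    return sorted(n for n, src in files.items()
                  if n.lower().endswith(".asp") and n.lower() not in public
                  and not has_access_check(src))

# Constructed sample tree; only the login.asp body follows the advisory.
SAMPLE = {
    "login.asp": "<% Response.Write \"<script language=javascript>alert('login success!');"
                 " this.location.href='manage.asp';</script>\" %>",
    "manage.asp": "<% Response.Write \"admin menu\" %>",
    # A commented-out Session test must not count as a check.
    "manage_web.asp": "<%\n' If Session(\"admin\") = \"\" Then Response.Redirect \"login.asp\"\n"
                      "id = Request(\"id\")\n%>",
    "manage_ok.asp": "<!--#include file=\"check_admin.asp\"-->\n<% Response.Write \"ok\" %>",
    "style.css": "body { margin: 0 }",
}

if __name__ == "__main__":
    print("unguarded:", audit(SAMPLE))
    print("login verifies input:", login_verifies(SAMPLE["login.asp"]))
```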