Set sail communication corporate website CMS system v1. 1 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62201131341
Type myhack58
Reporter 佚名
Modified 2011-07-25T00:00:00


This is a broken system, take home the source the horse change it that is their own, also charges

Garbage system, but also on the source the horse is encrypted.

Vulnerability is a heap of

Background login authentication file:

<!--# include file="conn. asp" - >

<!--# include file="../class/Config. asp" - >

<!--# include file="inc/md5. asp" - >

<!--# include file="../class/Ubbsql. asp" - >


dim sql,rs

dim username,password,CheckCode




The above loading of the page actually did load the anti-injection. And receives the parameters actually used request. And there is no limit, the various injection together.

2, The front page of the presence of the injection




Set rsnews=Server. CreateObject("ADODB. RecordSet")

sql="update news set hits=hits+1 where id="&id

conn. execute sql

You can use the injected transit. Other pages I haven't looked.

Next look at the background to take the shell of vulnerability.

1, upload vulnerability,can have a bright kid uploaded.

2, The database backup,didn't do any restrictions. Uploaded pictures of horses, and then make a backup

3, web configuration, can be inserted into a closed formula a sentence to get the shell

For such a business Station。。。。 I'm speechless. it.