Max CMS latest cookie injection vulnerability-vulnerability warning-the black bar safety net

2011-08-27T00:00:00
ID MYHACK58:62201131698
Type myhack58
Reporter Anonymous
Modified 2011-08-27T00:00:00

Description

Vulnerability file: admin/admin_inc.asp

The code is as follows:

    Sub checkPower                              ' line 103
        dim loginValidate,rsObj : loginValidate = "maxcms2.0"
        err.clear
        on error resume next
        ' the cookie value is concatenated straight into the SQL string
        set rsObj=conn.db("select m_random,m_level from {pre}manager where m_username='"&rCookie("m_username")&"'","execute")

The rCookie function is defined in inc/CommonFun.asp:

    Function rCookie(cookieName)                ' line 28
        rCookie = request.cookies(cookieName)
    End Function

The rCookie function only reads the raw value from the request cookie and does no filtering at all; because checkPower splices that value directly into its SQL string, the result is a cookie injection vulnerability.

Test method: modify the cookie value to perform the injection.
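The following is an added example (not MaxCMS code, and not from the advisory) that models the checkPower lookup in Python against an in-memory SQLite table so the defect and its fix can be run side by side. The table name "manager", its sample row, the cookie values and the username pattern used by r_cookie_validated are all constructed assumptions; vulnerable_lookup reproduces the string concatenation from admin_inc.asp, safe_lookup binds the cookie as a query parameter, and r_cookie_validated shows the input check that rCookie lacks.

```python
import re
import sqlite3

# Constructed sample data standing in for the {pre}manager table.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table manager (m_username text, m_random text, m_level integer)"
    )
    conn.execute("insert into manager values ('admin', 'r4nd0m', 9)")
    conn.commit()
    return conn


def vulnerable_lookup(conn, cookie_value):
    # Mirrors admin_inc.asp line 103: the cookie string becomes part of the SQL text,
    # so quote characters in it change the structure of the WHERE clause.
    sql = (
        "select m_random,m_level from manager where m_username='"
        + cookie_value
        + "'"
    )
    return conn.execute(sql).fetchall()


def safe_lookup(conn, cookie_value):
    # Hardened form: the cookie is bound as a parameter and can only be compared as data.
    sql = "select m_random,m_level from manager where m_username=?"
    return conn.execute(sql, (cookie_value,)).fetchall()


# Assumed username policy (not from MaxCMS): short alphanumeric names only.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,20}")


def r_cookie_validated(cookies, name):
    # The check rCookie never does: reject any cookie value that is not a plausible username.
    value = cookies.get(name, "")
    if not USERNAME_RE.fullmatch(value):
        raise ValueError("cookie %r failed username validation" % name)
    return value


def demo():
    conn = make_db()
    legit = "admin"
    hostile = "x' or '1'='1"  # constructed cookie value containing SQL metacharacters
    return {
        "vuln_legit": vulnerable_lookup(conn, legit),
        "vuln_hostile": vulnerable_lookup(conn, hostile),
        "safe_legit": safe_lookup(conn, legit),
        "safe_hostile": safe_lookup(conn, hostile),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Running demo() shows the vulnerable lookup returning the admin row for a cookie value that is not a username at all, while the parameterized lookup returns nothing for the same input; r_cookie_validated rejects that value before it ever reaches a query, which is the defence-in-depth layer to add in front of any cookie read that feeds SQL.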