Thousand Bo CMS site map exposes the background and editor paths - vulnerability warning - the black bar safety net

ID MYHACK58:62201132168
Type myhack58
Reporter Anonymous
Modified 2011-10-28T00:00:00


Brief description:

The site of Three Ming network Technology Co., Ltd. is built entirely on the open-source Thousand Bo CMS. Its Admin_SiteMap.asp file does not filter out the background address, which leads to the vulnerability.

Detailed description:

The site runs the open-source Thousand Bo CMS. Because no filter for the background directory is set in Admin_SiteMap.asp, the background and editor paths are exposed in the site map.

Vulnerability proof:


As shown in the figure.

Repair solutions:

Modify the Folderpermission function in Admin_SiteMap.asp under the background directory:

    Function Folderpermission(pathName)
        ' Folders that must not be listed in the generated site map
        PathExclusion = Array("\temp", "\sanming", "\_vti_cnf", "_vti_pvt", "_vti_log", "cgi-bin", "\admin", "\edu")
        Folderpermission = True
        For Each PathExcluded In PathExclusion
            ' Case-insensitive substring match against each excluded entry
            If InStr(UCase(pathName), UCase(PathExcluded)) > 0 Then
                Folderpermission = False
                Exit For
            End If
        Next
    End Function

Filling in the background directory in this list is enough.
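
To confirm the fix took effect, the generated site map can be audited with the same exclusion logic. The following is an added example, not code from Thousand Bo CMS or the original report. It assumes the site map is published in the standard sitemaps.org XML format; the sample URLs, the file names in them and the renamed background directory "manage88" are constructed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Exclusion list copied from the page's Folderpermission function.
PATH_EXCLUSION = ["\\temp", "\\sanming", "\\_vti_cnf", "_vti_pvt",
                  "_vti_log", "cgi-bin", "\\admin", "\\edu"]
SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"  # assumed format


def folder_permission(path_name, exclusions=PATH_EXCLUSION):
    """Port of the page's check: False when the path contains an
    excluded entry (case-insensitive substring match)."""
    upper = path_name.upper()
    return not any(entry.upper() in upper for entry in exclusions)


def leaked_urls(sitemap_xml, exclusions=PATH_EXCLUSION):
    """Return the site map URLs that the exclusion list should have hidden."""
    leaked = []
    for loc in ET.fromstring(sitemap_xml).iter(SITEMAP_NS + "loc"):
        url = (loc.text or "").strip()
        # The ASP function sees filesystem paths, so compare with backslashes.
        fs_path = urlparse(url).path.replace("/", "\\")
        if not folder_permission(fs_path, exclusions):
            leaked.append(url)
    return leaked


# Constructed sample site map; "manage88" stands for a renamed background directory.
SAMPLE = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>http://www.example.com/index.asp</loc></url>
  <url><loc>http://www.example.com/Admin/Admin_Login.asp</loc></url>
  <url><loc>http://www.example.com/news/list.asp</loc></url>
  <url><loc>http://www.example.com/manage88/editor/upload.asp</loc></url>
</urlset>"""

if __name__ == "__main__":
    print("Default list flags:", leaked_urls(SAMPLE))
    # After filling in the real background directory, as the page instructs:
    print("Extended list flags:", leaked_urls(SAMPLE, PATH_EXCLUSION + ["\\manage88"]))
```

With the default list, a renamed background directory still passes the check, which is why the real directory name has to be filled into the array.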