Starlight media management system through the kill vulnerability-vulnerability warning-the black bar safety net

2011-10-30T00:00:00
ID MYHACK58:62201132195
Type myhack58
Reporter 佚名
Modified 2011-10-30T00:00:00

Description

Title: Starlight media management system through the kill vulnerability

Time: 2011-10-30

Team:makebugs

Author: fate

http://t.qq.com/MakeBug

http://hi.baidu.com/micropoor

'Although the vulnerability is due to carelessness, but enough to pass to kill the whole system

'Due to international issues, The code is not posted.

'The background to add the account does not verify the permissions, leads directly to add account

http://127.0.0.1/manageadmin/System/manage_admin.asp

http://127.0.0.1/manageadmin/System/manage_admin_add.asp

Other information:

http://127.0.0.1/manageadmin/editor/admin/login.asp

sUsername = "xgnic"

sPassword = "xgnic1281"

This system I will continue the analysis. Because it is relatively interesting. It is to verify a permissions problem, but can be cross-domain. The code is just too much. Later continue to patch code subsidies.