CmsEasy enterprise website system: latest injection vulnerability and fix - vulnerability warning - the black bar safety net

2011-11-30T00:00:00
ID MYHACK58:62201132479
Type myhack58
Reporter Anonymous
Modified 2011-11-30T00:00:00

Description

Latest injection vulnerability in the CmsEasy enterprise website system.

Injection EXP:

http://www.badguest.cn/celive/js/include.?cmseasylive=1111&departmentid=0

Run it directly in Havij. Error keyword: online.gif

Add the table name: cmseasy_user

Columns: userid, username, password

Baidu keywords: Powered by CmsEasy

Fix: filter the corresponding input in the include.php page
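
To check whether a site has already received such requests, the access log can be scanned for non-numeric values in the two parameters. This is an added example, not part of the original advisory or of CmsEasy; the path and parameter names come from the URL above, and it assumes both parameters should only ever carry plain integers and that the log is in combined format.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path fragment and parameter names are taken from the URL in the advisory.
TARGET = "/celive/js/include."
PARAMS = ("cmseasylive", "departmentid")
# Assumption: legitimate values are plain non-negative integers.
INTEGER = re.compile(r"[0-9]+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return {param: decoded value} for non-integer values sent to the script."""
    parts = urlsplit(target)
    if TARGET not in parts.path.lower():
        return {}
    # parse_qs percent-decodes values, so encoded quotes and spaces are visible.
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = {}
    for name in PARAMS:
        for value in query.get(name, []):
            if not INTEGER.fullmatch(value):
                bad[name] = value
    return bad


def scan(lines):
    """Return (client_ip, findings) for every log line that trips the check."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        bad = suspicious_params(match.group(1))
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [30/Nov/2011:10:00:01 +0800] "GET /celive/js/include.php?cmseasylive=1111&departmentid=0 HTTP/1.1" 200 512',
    '198.51.100.7 - - [30/Nov/2011:10:00:05 +0800] "GET /celive/js/include.php?cmseasylive=1111&departmentid=0%27 HTTP/1.1" 200 498',
    '198.51.100.7 - - [30/Nov/2011:10:00:06 +0800] "GET /celive/js/include.php?cmseasylive=1111%20and%201%3D1&departmentid=0 HTTP/1.1" 200 498',
    '203.0.113.4 - - [30/Nov/2011:10:01:00 +0800] "GET /index.php?id=1%27 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for ip, findings in scan(SAMPLE_LOG):
        print(ip, findings)
```

Hits only show that someone probed the script; whether data was read still has to be established from the database and application side.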