新点软件 (New Point Software) ASP.NET vulnerability: a brief analysis - vulnerability warning - 黑吧安全网

2011-12-14T00:00:00
ID MYHACK58:62201132592
Type myhack58
Reporter Anonymous (佚名)
Modified 2011-12-14T00:00:00

Description

New Point software is mainly used on gov network web sites. The vulnerability is relatively marginal: it is only usable if the site has not closed member registration. (The FCKeditor vulnerability on the main site has already been patched.) Go to www.xxxx.com/member path/, register, log in, and click Edit to add information. The add-attachment upload cannot be used.

After adding information, click on the information entry and the address Pages/HuiYuanInfo/AttachManage/AttachAct_Single.aspx?CliengGuid=845568aa-b4db-4001-a95d-40590995f8df&ClientType=17&ModuleType=3008 will appear. Put this path into a detection tool and it turns out to be an injection point with db permissions. New Point sites generally run on a stand-alone server, and the database almost never has sa permissions, so what remains is making use of the injection point. (I have been busy lately and have not been posting, and this was written in a bit of a hurry, so please bear with it.)
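
For site operators, the following is an added example, not part of the original post: it scans an IIS W3C log for requests to the page above whose query parameters do not have the shape seen in the sample URL. The post does not say which parameter is injectable, so all three are checked; the expected shapes (a GUID and two integers), the `/member-path/` prefix, the addresses and the log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qs

# Path taken from the post; compared case-insensitively, as IIS paths are.
TARGET = "/pages/huiyuaninfo/attachmanage/attachact_single.aspx"
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
INT = re.compile(r"[0-9]{1,9}")
# Assumed shapes, inferred from the sample URL in the post.
EXPECTED = {"cliengguid": GUID, "clienttype": INT, "moduletype": INT}

def check_query(query):
    """Return (name, value) pairs whose decoded value breaks the expected shape."""
    bad = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        pattern = EXPECTED.get(name.lower())
        if pattern is None:
            continue  # parameter not covered by this check
        if len(values) > 1:
            bad.append((name, ",".join(values)))  # duplicated parameter
        elif not pattern.fullmatch(values[0]):
            bad.append((name, values[0]))
    return bad

def scan_iis_log(lines):
    """Yield (client_ip, findings) for requests to TARGET with malformed parameters."""
    fields = []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(TARGET):
            continue
        findings = check_query(row.get("cs-uri-query", "-"))
        if findings:
            yield row.get("c-ip", "?"), findings

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-12-14 08:00:01 192.0.2.10 GET /member-path/Pages/HuiYuanInfo/AttachManage/AttachAct_Single.aspx CliengGuid=845568aa-b4db-4001-a95d-40590995f8df&ClientType=17&ModuleType=3008 200
2011-12-14 08:00:07 198.51.100.7 GET /member-path/Pages/HuiYuanInfo/AttachManage/AttachAct_Single.aspx CliengGuid=845568aa-b4db-4001-a95d-40590995f8df'&ClientType=17&ModuleType=3008 500
2011-12-14 08:00:09 198.51.100.7 GET /member-path/Pages/HuiYuanInfo/AttachManage/AttachAct_Single.aspx CliengGuid=845568aa-b4db-4001-a95d-40590995f8df&ClientType=17%20and%201=1&ModuleType=3008 200
2011-12-14 08:00:12 192.0.2.10 GET /member-path/index.aspx - 200
""".splitlines()
```

The same allowlist (parse the GUID, parse the integers, reject everything else) belongs in the page's server-side code ahead of a parameterized query; the log scan only shows who has been sending values outside it.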