Million enterprise Internet site program through the kill oday and repair programme-vulnerability warning-the black bar safety net

ID MYHACK58:62201232932
Type myhack58
Reporter 佚名
Modified 2012-01-18T00:00:00


1, vulnerability analysis

Vulnerability exists page: newsdisp. asp

Obviously the injection vulnerability is!

Some stations do anti-Note You! (cookie injection can be done.

Generally the table name: admin Field name: username password

Some STATION Table for wq_admin field Ibid.

There is a more awsome vulnerability, but also not what vulnerability is!

These stations are basically using a network company give them the username with the password!

Username: xywanqi

Password: wanqi#0 2 9*The password also have to thank bad bad not good brothers hack)

Do not injected to get the user name with md5 passwords!

2, find the background, relatively painless process

I tried several commonly used background not found. With Al d, bright kid, Leopard run are not to run out!

I used Google search "technical support: enterprise interconnected" back-office management

Google first to find out!

I found his background very special: /wq029xxx/login. asp is such a format!

I tried several of the stations are of this pattern.

Background find out!

  1. Take the shell

Backup take website! Transmission of a picture format of a pony! Pictures path:/photo/20105112139512.jpg

Some stations have no backup!

You can capture the upload, the background there eweb editor you can use!

This is nothing technical content to master do not laugh it!

Repair solutions:

Anti-injection procedures you can prevent cookie injection, timely change the password, the editor upgrade