An enterprise system is the presence of injection and solution-vulnerability warning-the black bar safety net

2012-03-06T00:00:00
ID MYHACK58:62201233269
Type myhack58
Reporter 佚名
Modified 2012-03-06T00:00:00

Description

Brief description:

An enterprise system info_cont. asp file exists injectionvulnerabilities, the total Station does not filter special characters! Pro! Detailed description:

A business website system info_cont. aspfile exists injection. See the following code

<%@LANGUAGE="VBSCRIPT" CODEPAGE="9 3 6"%>

<!--# include file="dbpath. asp" - >

<!--# include file="sp_web/_web_tw. asp" - >

<!--# include file="sp_web/_web_news. asp" - >

<!--# include file="sp_web/_web_pro. asp" - >

... The inclusion of the 4 files did not filter special characters? Pro.... and Use method: inurl:info_cont. asp Ah D or havij Add Table period admin_user field admin_user admin_pwd Backend/manage/or direct/sp_admin/jump Vulnerability to prove: !

Repair solutions:

Filter special characters.

The author of the large intestine@clouds