An enterprise system info_cont. asp file exists injectionvulnerabilities, the total Station does not filter special characters! Pro! Detailed description:
A business website system info_cont. aspfile exists injection. See the following code
<%@LANGUAGE="VBSCRIPT" CODEPAGE="9 3 6"%>
<!--# include file="dbpath. asp" - >
<!--# include file="sp_web/_web_tw. asp" - >
<!--# include file="sp_web/_web_news. asp" - >
<!--# include file="sp_web/_web_pro. asp" - >
... The inclusion of the 4 files did not filter special characters? Pro.... and Use method: inurl:info_cont. asp Ah D or havij Add Table period admin_user field admin_user admin_pwd Backend/manage/or direct/sp_admin/jump Vulnerability to prove: !
Filter special characters.
The author of the large intestine@clouds