ShyPost enterprise web site management system V4. 3 injection, XSS vulnerabilities and the background to get webshell-vulnerability warning-the black bar safety net

2012-07-16T00:00:00
ID MYHACK58:62201234332
Type myhack58
Reporter 佚名
Modified 2012-07-16T00:00:00

Description

Author: invincible gold record administration

Program source code Download:http://www. codefans. net/down/1 7 0 0 2. shtml

① Injection vulnerability

② BackgroundXSSvulnerability

③ The editor vulnerability to get webshell

① Injection vulnerability

  1. Vulnerability file: Aboutus. asp

%>

<!–# include file=”Inc/SysProduct. asp” –>

<%Title=Trim(request(“Title”))

Set rs = Server. CreateObject(“ADODB. Recordset”)

sql=”select Content from Aboutus where Title=’”&Title&”‘”

rs. open sql,conn,1,3

%>

Unfiltered

  1. Vulnerability file: ProductShow. asp

<%

ShowSmallClassType=ShowSmallClassType_Article

dim ID

ID=trim(request(“ID”))

if ID=”" then

response. Redirect(“Product. asp”)

end if

sql=”select * from Product where ID=” & ID & “”

And on top of the similar

② BackgroundXSSvulnerability

The front Desk online message writexssthe code in the background to be able to successfully perform the

Vulnerability file: FeedbackSave. asp

Reason: not filtered

③ Editor vulnerability

Editor Version: [in MY power] the HTML online editor

Vulnerability code:

if fileEXT=”asp” or fileEXT=”asa” or fileEXT=”aspx” then

EnableUpload=false

end if

Upload unfiltered spaces, you can log in the background after the use of NC forged packets breakthrough upload,the last exploit this vulnerability successfully get a webshell