ZDSoft website generation system vulnerabilities and fixes

2013-01-08T00:00:00
ID MYHACK58:62201336617
Type myhack58
Reporter Anonymous
Modified 2013-01-08T00:00:00

Description

The ZDSoft site generation system has a serious vulnerability that can lead directly to an attacker gaining the highest permissions on the web server.

  1. Back-end permission bypass vulnerability. http://www.zdsoft.net/admin/left.aspx is the back-end menu. If the visitor is not logged in, the page uses JS to jump to the login page; with JS disabled, the page can still be accessed. Some of the back-end files do limit permissions, but modifying site users' passwords is not a problem. http://www.zdsoft.net/Admin/sqlPlatform/operateSql.aspx allows SQL to be executed without logging in.

  2. http://www.zdsoft.net/Admin/sqlPlatform/sqlLogin.aspx is the SQL operating platform. Even setting aside the bypass vulnerability above, it can be logged in to directly, because the username and password are fixed. Username: sbwSqlAdmin, password: sbwPass@word1. The database user for most ZDSoft websites is sa, so this vulnerability is very serious.


Repair solution: call Response.End after the JS jump code.
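
The pattern behind the bypass and the repair above, as an added ASP.NET Web Forms (C#) example that is not ZDSoft's code. The class names, the `AdminUser` session key and the login path are hypothetical.

```csharp
using System;
using System.Web.UI;

// Vulnerable pattern described above: the page only emits a client-side
// jump and then keeps executing, so the protected markup is still sent
// to a client that ignores the script.
public class LeftVulnerable : Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["AdminUser"] == null) // hypothetical session key
        {
            Response.Write("<script>location.href='login.aspx';</script>");
            // No Response.End(): the rest of the page renders and is returned.
        }
    }
}

// Hardened base class: every back-end page inherits from it, so the check
// runs on the server before any page-specific code or markup.
public class AdminPageBase : Page
{
    protected override void OnInit(EventArgs e)
    {
        if (Session["AdminUser"] == null)
        {
            Response.Clear();
            // Server-side redirect; endResponse=true calls Response.End(),
            // so nothing after this line executes or is written out.
            Response.Redirect("~/Admin/login.aspx", true); // hypothetical path
            return;
        }
        base.OnInit(e);
    }
}

// A back-end page such as the menu then only needs to inherit the base class.
public class LeftFixed : AdminPageBase
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Reached only for an authenticated session.
    }
}
```

Pages that execute SQL, such as the SQL platform, need the same server-side check; a single page left on the script-only jump keeps the bypass open.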