60 Degrees CMS 1.0: admin backend COOKIE spoofing and direct GETWEBSHELL from the backend - vulnerability warning - the Black Bar Safety Net

2013-07-20T00:00:00
ID MYHACK58:62201339752
Type myhack58
Reporter Anonymous
Modified 2013-07-20T00:00:00

Description

The official administrator of 60 Degrees CMS was a dick about it. I submitted a ticket (TICK) and contacted the author; the author confirmed the issue, and then the ticket was ignored. So I am posting it publicly.

Official download address: <http://60du.net/index.html>

The core file is check.asp in the administrator directory:

```asp
<!--#include file="../inc/md5.asp"--><%
' Determine whether the user is logged in
if session("cmsname")="" and instr(CStr(Request.ServerVariables("SCRIPT_NAME")),site_install&AdminPath&"/login.asp")=0 then
    if request.Cookies("cmsname")="" then ' determine whether the cookie cmsname is empty
        response.Redirect(site_install&AdminPath&"/login.asp")
    elseif Session("admin_id") = null then ' determine whether the cookie cmsname is empty
        Response.Write("<script>alert('login timeout!'); parent.location = '"&site_install&AdminPath&"/login.asp';</script>")
    else
        session("cmsname")=request.Cookies("cmsname")
        session("cmsid")=request.Cookies("cmsid")
    end if
end if
%>
```
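The check above copies the client-supplied `cmsname` and `cmsid` cookies into session state in its final `else` branch, and in VBScript the `Session("admin_id") = null` comparison evaluates to Null, so the timeout branch never runs. A hardened form of the same include follows, as an added example that is not 60 Degrees CMS code. It assumes `login.asp` sets `Session("cmsname")` and `Session("cmsid")` only after verifying the password, and that `site_install` and `AdminPath` are defined as in the original; the `chk*` variable names are hypothetical.

```asp
<!--#include file="../inc/md5.asp"-->
<%
' Added example: hardened replacement for the login check in check.asp.
' Assumptions: login.asp stores Session("cmsname") and Session("cmsid")
' only after it has verified the password; site_install and AdminPath
' are the same globals the original check uses.

Dim chkLoginPath, chkScriptName
chkLoginPath  = site_install & AdminPath & "/login.asp"
chkScriptName = CStr(Request.ServerVariables("SCRIPT_NAME"))

' Exempt only the login page itself. StrComp gives an exact,
' case-insensitive match instead of the original InStr substring test.
If StrComp(chkScriptName, chkLoginPath, vbTextCompare) <> 0 Then

    ' Authentication state comes from the server-side session only.
    ' Request.Cookies("cmsname") and Request.Cookies("cmsid") are
    ' client-controlled and are never read here.
    ' Appending "" turns an Empty or Null session value into "".
    If (Session("cmsname") & "") = "" Or (Session("cmsid") & "") = "" Then
        ' Drop any partial session state before sending the user to log in.
        Session.Abandon
        Response.Redirect chkLoginPath
    End If
End If
%>
```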
