Vulnerability report on the education system developed by Beijing Chong star weiye software Technology Co., Ltd.
Manufacturer: Beijing Chong star weiye software Technology Co., Ltd. http://www.conking.cn/
Some of the cases from the official website.
Proof of vulnerability:
【Notice: the following test is purely white hat security testing. It avoided the site's peak visiting hours, did not affect the site's normal operation, and did not obtain any valid data. Out of consideration for the vendor's security, the domain is masked after the National Internet Emergency Center has been informed and has confirmed. Thank you for your support and understanding.】
The site "http://www.x***.org" is used as the example for the security test.
On "register.aspx", a user who is registering can change the user type to super administrator. The rectified registration page has the username and user type disabled, but in fact, as we know, certain browser features can delete this restriction, so the fields can be operated freely.
Alternatively, capturing the request at registration time and setting the "Register:ddIUserType" value to 1 also works. The super administrator can log in to the admin/index.aspx back end; I will not research what can be done in the back end.
AjaxFileHandler.ashx does not check the legitimacy of the file at all, so a user can upload any file, without logging in, through a locally constructed upload form:
<form action="http://www.*.com/AjaxFileHandler.ashx?7 2 0 0" method="post" name="upload" enctype="multipart/form-data">
<input type="file" name="ForumEdit:fileUpload">
<input type="submit" value="upload">
</form>
Then just upload an ASP program.
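
The two checks this report finds missing in AjaxFileHandler.ashx (a login requirement and validation of the uploaded file), written out as an added example that is not the vendor's code. The class name UploadPolicy, the extension allowlist and the 5 MB limit are assumptions.

```csharp
using System;
using System.Collections.Generic;
// Added example, not the vendor's code. UploadPolicy, the allowlist and the
// size limit are assumptions made for illustration.
public static class UploadPolicy
{
    // Allowlist: anything not named here (.asp, .aspx, .ashx, ...) is refused.
    static readonly HashSet<string> Allowed = new HashSet<string>(
        new[] { ".jpg", ".png", ".gif", ".pdf" }, StringComparer.OrdinalIgnoreCase);
    const long MaxBytes = 5 * 1024 * 1024;

    // Returns the server-chosen name to store the file under, or null if refused.
    // In an .ashx handler the inputs would come from context.User.Identity.IsAuthenticated
    // and context.Request.Files["ForumEdit:fileUpload"] (FileName, ContentLength).
    public static string Decide(bool isAuthenticated, string clientName, long length, out string reason)
    {
        if (!isAuthenticated) { reason = "login required"; return null; }
        if (length <= 0 || length > MaxBytes) { reason = "size out of range"; return null; }
        // Only the final extension counts, so "photo.jpg.asp" is judged as ".asp".
        string name = clientName ?? "";
        int dot = name.LastIndexOf('.');
        string ext = dot >= 0 ? name.Substring(dot) : "";
        if (!Allowed.Contains(ext)) { reason = "extension not allowed"; return null; }
        reason = "ok";
        // Nothing supplied by the client ends up in the stored file name.
        return Guid.NewGuid().ToString("N") + ext.ToLowerInvariant();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample uploads: authenticated?, client file name, size in bytes.
        var samples = new[] {
            Tuple.Create(false, "photo.jpg", 2048L),
            Tuple.Create(true, "page.asp", 2048L),
            Tuple.Create(true, "photo.jpg.asp", 2048L),
            Tuple.Create(true, "PHOTO.JPG", 2048L),
            Tuple.Create(true, "scan.pdf", 50L * 1024 * 1024),
        };
        foreach (var s in samples)
        {
            string reason;
            string stored = UploadPolicy.Decide(s.Item1, s.Item2, s.Item3, out reason);
            Console.WriteLine("{0,-14} auth={1,-5} -> {2} ({3})", s.Item2, s.Item1, stored ?? "REFUSED", reason);
        }
    }
}
```

Storing accepted files outside the web root, or in a directory where script execution is disabled, keeps a file that slips past these checks from being run by the server.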