10 matches found
FoosunCms ASP version getshell - vulnerability warning - the black bar safety net
In the file \User\award\awardAction.asp: Integral=NoSqlHackrequest.QueryString"Integral" if action="join" then UserConn.execute"Insert into FSMEUserPrize prizeid,usernumber,awardID values" CintStrprizeID&",'"&session"FSUserNumber"&"'," CintStrawardID&"" 'Get the current numb...
FoosunCms (Foosun CMS) ASP version SQL vulnerability with exp attached - vulnerability warning - the black bar safety net
FoosunCms ASP version getshell. In the file \User\award\awardAction.asp: Integral=NoSqlHackrequest.QueryString"Integral" if action="join" then UserConn.execute"Insert into FSMEUserPrize prizeid,usernumber,awardID values" CintStrprizeID&",'"&session"FSUserNumber"&"'," CintStrawardID&"" 'Get t...
FooSun site management system arbitrary password change vulnerability - vulnerability warning - the black bar safety net
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture. Vulnerability analysis: In the file \User\GetPassword.asp: ElseIf Request.Form"Action" = "step3" then //line 28 Call step3 ...... Sub step3 //line 198 Dim ppassnew,pconfimpassne...
FooSun GetPassword.asp page has an arbitrary password change vulnerability
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture. In the file \User\GetPassword.asp: ElseIf Request.Form"Action" = "step3" then //line 28 Call step3 …… Sub step3 //line 198 Dim ppassnew,pconfimpassnew ppassnew = md5Request.Form"passnew",16 …… UserConn.execute"Update FSMEUsers set UserPassword ='"&...
FooSun site management system Corp_card_Unpass.asp and favorite.asp pages have an unauthorized access vulnerability - vulnerability warning - the black bar safety net
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture. Vulnerability analysis: In the file \User\CorpcardUnpass.asp: If Request.Form"Action" = "Save" then //line 14 Dim DelID,StrTmp,StrTmp1 DelID = request.Form"CorpCardID" if DelID = "...
FooSun favorite.asp page has an unauthorized access vulnerability
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture. In the file \User\favorite.asp: if request"Action"="del" then //line 10 if Request"id"="" then strShowErr = "li错误的参数!/li" Response.Redirect"lib/error.asp?ErrCodes="&Server.URLEncodestrShowErr&"&ErrorUrl=" Response.end else UserConn.execute"Delete from...
FooSun site management system API_Response.asp page has an unauthorized access vulnerability - vulnerability warning - the black bar safety net
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture. In the file \API\APIResponse.asp: If Request.QueryString"" Then //line 16 SaveUserCookie Else Set XmlDoc = Server.CreateObject"msxml2.FreeThreadedDOMDocument" & MsxmlVersi...
FoosunCMS 5.0 Error.asp error page cross-site scripting vulnerability (figure) - vulnerability warning - the black bar safety net
FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture, a leading domestic CMS site-building system and the first that is open source, modular, and integrates web2.0 elements. FoosunCMS does not correctly filter user input; a remote attacker could exploit the...
FoosunCMS 5.0 Error.asp error page cross-site scripting vulnerability
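First published by 北洋贱队 (http://bbs.seceye.org). FoosunCMS is a powerful content management software based on the ASP+ACCESS/MSSQL architecture, a leading domestic CMS site-building system and the first that is open source, modular, and integrates web2.0 elements. FoosunCMS does not correctly filter user input; a remote attacker can exploit the vulnerability to carry out cross-site scripting attacks and obtain sensitive information. Because the error page is handled incorrectly, malicious script code can execute in the target browser once the page is returned to the user, leaking sensitive information. Users of FoosunCMS 5.0 can contact the vendor to obtain the latest version...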
Foosun CMS 4.0sp5 commercial version fatal vulnerability - vulnerability warning - the black bar safety net
Article author: oldjun & flyh4t (script security team). Information source: evil octal information security team (www.eviloctal.com). Note: the article has been published in the Hackers Handbook and was kindly submitted by the author to the evil octal information security team technology forum, reproduc...