shop7z 注入漏洞2

2014-07-01T00:00:00
ID SSV:95983
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

简要描述:

shop7z 注入漏洞2

详细说明:

News.asp <TD vAlign=bottom height=32><IMG height=19 src="images/dian04.gif" width=10 align=absMiddle> <STRONG> <FONT color=#ff6600> <% sql3="select l_title from e_left where l_id="&request.QueryString("l_id")&"" set rs3=server.CreateObject("adodb.recordset") rs3.open sql3,conn,1,1 if rs3.bof or rs3.eof then else l_title=rs3("l_title") response.write l_title end if rs3.close set rs3=nothing %>

漏洞证明:

测试 192.168.236.131/news.asp?l_id=1' http://www.shop7z.com/Demo/news.asp?l_id=1%27

<img src="https://images.seebug.org/upload/201406/072207175050d166a9ed30004e156d28a017c71f.png" alt="QQ截图20131103143435.png" width="600" onerror="javascript:errimg(this);">