2007-01-26 16:02:56 by: h4x0r

A Vulnerability in a Certain Forum

This will come in handy later when hacking sites, so I'm putting it here. 三月 sent it to me ~ thanks [redface]

In the file upfile.asp, Upid is not filtered properly, which makes SQL injection possible.
Around line 10 of the file:
If Request("menu")="Show" Then
  Dim Upid
  Upid=Request("Upid")   ' taken from the request with no validation
  If Upid<>"" Then
    Dim UpCount
    ' Upid is concatenated straight into the SQL text
    UpCount= Team.Execute("Select UpCount From Upfile Where FileID="&Upid )(0)
    Response.Write "<html>"
    Response.Write "<body topmargin=0 rightmargin=0 leftmargin=0 class=a3>"
    Response.Write UpCount
    Response.Write "</html>"
  End If
End If
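When the submitted menu value is Show, the code above is executed. Upid=Request("Upid") is not filtered here and is concatenated directly into the Select statement, which lets us inject.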
[Last Modified By h4x0r, at 2007-01-26 17:57:12]
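A hardened form of the same branch, as an added example that is not part of the original post or of the forum's code: it rejects any Upid that is not a short run of digits and binds it as a typed ADO parameter. `Conn` (an already-open ADODB.Connection) and the helper `IsFileId` are assumed names; the original code goes through the forum's own `Team.Execute` wrapper.

```vbscript
<%
' Added example: hardened form of the "Show" branch of upfile.asp.
' Assumption: Conn is an already-open ADODB.Connection (hypothetical name;
' the original code calls the forum's own Team.Execute wrapper instead).
Const adInteger = 3        ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum

' Hypothetical helper: accept only 1-9 decimal digits, so the value
' always fits a 32-bit integer and CLng cannot overflow.
Function IsFileId(s)
  Dim re
  Set re = New RegExp
  re.Pattern = "^[0-9]{1,9}$"
  IsFileId = re.Test(s)
End Function

If Request("menu") = "Show" Then
  Dim Upid, cmd, rs
  Upid = Trim(Request("Upid"))
  If Not IsFileId(Upid) Then
    ' Anything that is not a plain integer never reaches the database.
    Response.Status = "400 Bad Request"
    Response.End
  End If

  ' Bind FileID as a typed parameter instead of concatenating it.
  Set cmd = Server.CreateObject("ADODB.Command")
  Set cmd.ActiveConnection = Conn
  cmd.CommandType = adCmdText
  cmd.CommandText = "Select UpCount From Upfile Where FileID = ?"
  cmd.Parameters.Append cmd.CreateParameter("FileID", adInteger, adParamInput, , CLng(Upid))
  Set rs = cmd.Execute

  Response.Write "<html>"
  Response.Write "<body topmargin=0 rightmargin=0 leftmargin=0 class=a3>"
  If Not rs.EOF Then
    ' Encode on output even though the column is expected to be numeric.
    Response.Write Server.HTMLEncode(rs(0) & "")
  End If
  Response.Write "</body></html>"
  rs.Close
End If
%>
```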
Quote whytt*
[ 2007-02-19 22:22:22 ]
Hehe...
Quote 樱木花盗
[ 2007-02-22 20:48:00 ]
Haha. Injection is possible everywhere.
