Add or modify any management account and repair solution to the music news system

For details, add the use and pass Parameters submitted from the outside to the admin table without the permission verified by the music news system mofei_admin_save.asp.
Proof of vulnerability:
<! -- # Include file = "conn. asp" -->
 
<! -- # Include file = "md5.asp" -->
 
<%
 
Use2 = request. form ("use ")
 
Pass2 = request. form ("pass ")
 
Pass2 = md5 (pass2)
 
If use2 = "" or pass2 = "" then // determine whether the user name or password is empty
 
%>
 
<P> </p>
 
<P> </p>
 
<P> </p>
 
<Table border = "0" cellpadding = "0" cellspacing = "0" width = "600" align = "center" bgcolor = "# FFFFFF">
 
<Tr>
 
<Td height = "25" background = "mofeiimg/login_bg.gif">
 
<P align = "center"> <B> <font size = "3" color = "# FFFF00">: Jile No. 2 Middle School
 
: Error detected </font> </B> </td>
 
</Tr>
 
<Tr>
 
<Td height = "30">
 
Please <a href = "javascript: history. go (-1)"> back up </a> to fill in the complete information!
 
</Td>
 
</Tr>
 
<Tr>
 
<Td height = "30" bgcolor = "# F9F9F9">
 
<font color = "# FF0000"> your username and password may be blank! </Font>
 
</Td>
 
</Tr>
 
<Tr>
 
<Td height = "30">
 

 
</Td>
 
</Tr>
 
</Table>
 
 
 
<%
 
Else
 
Set rs = Server. CreateObject ("ADODB. Recordset") // www.2cto.com
 
SQL = "select * from admin"
 
Rs. open SQL, conn, 1, 3
 
 
 
Rs ("usename") = use2
 
Rs ("password") = pass2
 
Rs. update
 
Rs. close
 
Response. redirect ("mofei_admin_edit.asp ")
 
End if %>
Solution:
 
 
Add session verification to the file header
<% If not session ("mofeicheck") = "true" then
Response. redirect ("mofei_login.asp") %>
 
 
From Yu Ren @ wooyun