First, look at the admin backend login authentication file:
File: admin/index.asp
<% dbs = "../" %>
<!--#include file="../inc/config.asp"-->
<!--#include file="../inc/md5.asp"-->
<%
' Already logged in: go straight to the admin main page
If Session("adminid") <> "" And Session("adminuser") <> "" Then
    Response.Redirect "main.asp"
    Response.End()
End If
action = Request.QueryString("action")
If action = "login" Then
    nick = Request.Form("nick")
    password = Request.Form("Password")
    If nick = "" Then
        Response.Write "<script>alert('Prompt: Sorry, the user name cannot be blank...');history.back(-1);</script>"
        Response.End
    End If
    If password = "" Then
        Response.Write "<script>alert('Prompt: Sorry, the password cannot be blank...');history.back(-1);</script>"
        Response.End
    End If
    ' Strip single quotation marks before the values go into the SQL string
    nick = Replace(Trim(nick), "'", "")
    password = Replace(Trim(password), "'", "")
    in_safe_admin = Replace(Trim(in_safe_admin), "'", "")
    password = md5(md5(password))
    Set rs = Server.CreateObject("ADODB.Recordset")
    sql = "select * from H_admin where adminuser='" & nick & "' and adminpass='" & password & "'"
    rs.Open sql, conn, 1, 1
    If Not rs.BOF Then
        Session("adminid") = rs("id")
        Session("adminuser") = rs("adminuser")
        Response.Write "<script>alert('Prompt: Login successful...');location.href='main.asp';</script>"
        Response.End
    Else
        Response.Write "<script>alert('Prompt: Sorry, the user name or password is incorrect...');history.back(-1);</script>"
        Response.End
    End If
    rs.Close
End If
%>
nick = Replace(Trim(nick), "'", "")
password = Replace(Trim(password), "'", "")
in_safe_admin = Replace(Trim(in_safe_admin), "'", "")
These three lines filter out single quotation marks, so the universal password 'or'='or' does not work.
I couldn't find injection in any other file (maybe I'm just too much of a novice to find it, heh).
Let's take a look at the conn.asp file. The file is as follows:
<%
'On Error Resume Next
' ----- Access database connection -----
scadb = dbs & "date/date.asp" ' dbdns is the path set in each file. Do not change the path.
conndata = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("" & scadb & "")
If IsObject(conn) = False Then
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open conndata
End If
H_Version = 3.6
%>
Do you see the problem? The author has commented out On Error Resume Next, so database errors are no longer suppressed and the database path can be disclosed (a "database burst").
The image is as follows:
The database path disclosure vulnerability is very harmful. Due to the administrator's carelessness, it also exists on the official website. Do not destroy the database.
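A hardened form of the connection file, as an added example that is not the CMS's own code: errors are trapped around the path mapping and the Open call, so the Jet error text, which can include the physical database path, is never sent to the browser. The OpenDb function, the log text and the generic error message are assumptions of this sketch.

```asp
<%
' Added example, not the CMS's code. OpenDb, the log text and the generic
' error message are assumptions; dbs is set by the including page as before.
Dim conn

Function OpenDb(basePath)
    Dim scadb, conndata
    OpenDb = False
    On Error Resume Next                 ' trap errors inside this function only
    scadb = basePath & "date/date.asp"
    conndata = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(scadb)
    If Err.Number = 0 Then
        Set conn = Server.CreateObject("ADODB.Connection")
        conn.Open conndata
    End If
    If Err.Number <> 0 Then
        ' Record only the error number in the IIS log. Err.Description can
        ' contain the physical path and must not be echoed to the client.
        Response.AppendToLog "conn.asp db open failed 0x" & Hex(Err.Number)
        Err.Clear
        Set conn = Nothing
        Exit Function
    End If
    On Error GoTo 0                      ' restore normal error handling
    OpenDb = True
End Function

' Fail closed with a generic message instead of the provider's error page
If Not OpenDb(dbs) Then
    Response.Status = "500 Internal Server Error"
    Response.Write "Service temporarily unavailable."
    Response.End
End If
%>
```

Unlike a blanket On Error Resume Next at the top of the file, this keeps error suppression limited to the connection step, so later failures in the page are not silently ignored.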
Summary: other vulnerabilities
Admin backend: admin/index.asp
Database: datedate.asp datehydate.mdb
Keyword: inurl: quantext_read.asp?