By r0eXpeR & 3EST ring3h
Yesterday, I scanned the directories on the easy-to-use grapefruit main site and found that I had encountered
Smooth ING ....
http://www.xxx.com/vote/login1.asp
<%
' Handle the submitted login form
IF Request.Form("IsSub") = "YES" THEN
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.open ConnStr
    ' Read the stored management password (row ID = 1 of the system table)
    Set rs = conn.execute("Select value From system Where ID = 1")
    ' Plain-text comparison against the submitted password
    IF rs(0) = Request.Form("password") THEN
        rs.close
        conn.close
        Set conn = nothing
        Set rs = nothing
        ' Mark the session as a logged-in manager
        Session("fjvote_IsManager") = True
        Response.redirect "list.asp"
    ELSE
        rs.close
        conn.close
        Set conn = nothing
        Set rs = nothing
        Response.write "<Script Language=JavaScript>alert('incorrect password, please enter it again')</Script>"
    END IF
END IF
Str = "You have not logged on yet, or you have timed out to disconnect"
' Logout: cmd=out clears the manager flag
IF Request.QueryString("cmd") = "out" THEN
    Str = "you have successfully exited the Management System"
    Session("fjvote_IsManager") = ""
END IF
%>
The front-end login is not validated.
The front end also has an upload vulnerability, but it is of little significance.
Administrators generally change only the database path of the main directory and overlook the voting system.
The back-end management password for the voting system is: 123456
Default database address: http://www.xxx.com/vote/data.asa
You can directly Insert the entire batch of data into the batch.
Source code reference: http://www.cyxdy.cn/soft/softdown.asp?Softid=26203
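
For site owners, the point above about a voting component whose database is left at its default location can be checked with a local audit of the web root. The following is an added example, not code from the original post or from the voting system; it assumes data.asa is a Microsoft Access file (the post gives only the file name), and the function names and sample tree are hypothetical.

```python
import os
import tempfile

# Magic bytes at the start of Microsoft Access files (Jet .mdb / ACE .accdb).
JET_SIGNATURES = (b"\x00\x01\x00\x00Standard Jet DB",
                  b"\x00\x01\x00\x00Standard ACE DB")


def is_access_database(path):
    """True if the file starts with an Access signature, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(19)  # 4 header bytes + 15-byte signature string
    except OSError:
        return False
    return head.startswith(JET_SIGNATURES)


def find_exposed_databases(web_root):
    """Return sorted URL paths of Access databases stored under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_access_database(full):
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings.append("/" + rel)
    return sorted(findings)


def build_sample_root():
    """Constructed sample tree: a main site plus a forgotten /vote/ component."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "vote"))
    with open(os.path.join(root, "vote", "data.asa"), "wb") as fh:
        fh.write(JET_SIGNATURES[0] + b"\x00" * 64)  # constructed Access header
    with open(os.path.join(root, "global.asa"), "wb") as fh:
        fh.write(b'<script language="VBScript" runat="server"></script>')
    with open(os.path.join(root, "vote", "login1.asp"), "wb") as fh:
        fh.write(b"<% ' login page %>")
    return root


if __name__ == "__main__":
    for url_path in find_exposed_databases(build_sample_root()):
        print("Access database inside web root:", url_path)
```

Any path this reports is a database that should be moved outside the web root, and the component it belongs to should have its shipped management password changed.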