Changzhou real estate network commercial edition has SQL Injection

Source: Internet
Author: User

 H4ckx7's Blog


I can't tell where the vulnerability files are generated, because there are too many files. After reading the call, I found that the file simply filters out any characters and does not use any anti-injection. I really don't know how the programmer wrote it. It's a tragedy! Select a file h_open.asp to view the code!

<! -- # Include file = "conn. asp" -->
<% Response. buffer = false

Dim h

H = request. QueryString ("id ")

Set rs = server. createobject ("adodb. recordset ")
SQL = "select * from house where id =" & h
Rs. open SQL, conn, 1, 3

Rs ("fw_lls") = rs ("fw_lls") + 1
Rs. update

Response. redirect "h_house.asp? Id = "& h

Don't laugh. SQL = "select * from house where id is called directly without any precaution! Conn, asp

Dim dbpath, conn, startime, db, rs, rs1, rs2, rs3, rs4, rs5, rs6, rs7, rs8, Hangzhou, fw_city, fw_quyu, fw_dizhi, fw_jiaotong,

Fw_leixing, fw_jiegou, fw_louceng, fw_mianji, fw_zhuangxiu, fw_jiage, fw_lxdh, fw_OICQ, fw_lxname, fw_fbri,

Fw_guoqi, fw_qtsm, fw_peitao, pud, pwd, pwd2, uname, xb, sfz, email, tel, tishi, tsda
Db = "data/fclyw. asp" Modify the database path or name here
Set conn = Server. CreateObject ("ADODB. Connection ")
Dbpath = "Provider = Microsoft. Jet. OLEDB.4.0; Data Source =" & Server. MapPath (db)
Conn. Open dbpath
No anti-injection is enabled,

The Default background path is admin/login. asp. You can find a place to upload images in image management. You can get the shell by capturing packets and then submitting the NC file.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.