Dingxiang multi-user online customer service system Vulnerability

Source: Internet
Author: User

Links blog

Dingxiang multi-user online customer service system is an enterprise-level real-time website communication system. website visitors only need to click the dialog icon on the webpage without installing or downloading any software, you can directly communicate with our customer service staff. The Dingxiang multi-user online customer service system will help enterprises discover more potential customers, reduce operating costs, improve work efficiency, and improve customer satisfaction, it is a powerful tool for enterprises to conduct online consulting, online marketing, and online customer service.

Modify database path: inc. asp

Administrator Logon port: http: // your domain name/admin/login. asp

Default Administrator Account: admin Password admin

Modify the corresponding file on the homepage

The VB source code directory contains the client's VB source code. Download The VB6.0 Green Edition, modify the address, and generate it.

Dingxiang Technology
Http://www.68kf.cn


Accidentally discovered... In fact, when I flip the aspx code, I can see

In zj2.asp:

<% @ LANGUAGE = "VBSCRIPT" CODEPAGE = "936" %>
<! -- # Include file = "pass. asp" -->
<! -- # Include file = "inc. asp" -->
<%
Response. Buffer = True
Response. ExpiresAbsolute = Now ()-1
Response. Expires = 0
Response. CacheControl = "no-cache"
Response. AddHeader "Pragma", "No-Cache"
Fuse = request. cookies ("fuse ")
Fsid = request. querystring ("fsid ")
Id = trim (request. querystring ("id "))
Password = request. cookies ("password") User ID
Set rs = server. CreateObject ("adodb. recordset ")
Strsql = "select * from texts where userid =" & fuse & "and id =" & id &""

 


Hey, hey.

In ip. asp, I found an interesting one:

<%
Function ips)
Adb = "ip. mdb"
AConnStr = "Provider = Microsoft. Jet. OLEDB.4.0; Data Source =" & Server. MapPath (adb)
Set AConn = Server. CreateObject ("ADODB. Connection ")
AConn. Open aConnStr
Sip = request ("ip ")
If sip = "127.0.0.1" Then sip = "192.168.0.1" end if
Str1 = left (sip, instr (sip, ".")-1)
Sip = mid (sip, instr (sip, ".") + 1)
Str2 = left (sip, instr (sip, ".")-1)
Sip = mid (sip, instr (sip, ".") + 1)
Str3 = left (sip, instr (sip, ".")-1)
Str4 = mid (sip, instr (sip, ".") + 1)
Num = cint (str1) * 256*256*256 + cint (str2) * 256*256 + cint (str3) * 256 + cint (str4)-1
SQL = "select * from address where ip1 <=" & num & "and ip2> =" & num
Set rsw.aconn.exe cute (SQL)
If not rs. eof then
Ips = rs ("country ")
Else
Ips = "Unknown Region"
End if
End function
%>


I really don't know what the record is doing .. In addition, the database is not fault-tolerant and cannot be downloaded ..

There are still holes everywhere:

<% @ LANGUAGE = "VBSCRIPT" %>
<! -- # Include file = "SQL. asp" -->
<! -- # Include file = "encodehtml. asp" -->
<! -- # Include file = "inc. asp" -->
<Html> <Meta http-equiv = "Content-Type" content = "text/html; charset = gb2312">
<Title> Customer Service Message </title>
<Link href = "style.css" rel = "stylesheet" type = "text/css">
<Script>
Function check (form)
{
If (form. names. value = "")
{
Alert ("enter your name! ");
Form. names. focus ();
Return (false );
}
If (form. texts. value = "")
{
Alert ("Enter the message content! ");
Form. texts. focus ();
Return (false );
}
If (form. email. value = "" & form. phone. value = "")
{
Alert ("Enter at least one email address and phone number! ");
Form. email. focus ();
Return (false );
}
Return (true );
} /// Target = "parent. frameC"

</Script>
</Head>
<%
Response. Buffer = true
Response. Expires =-1
Kuse = request. querystring ("kuse ")
Use = request. querystring ("use ")
Set rs = server. CreateObject ("adodb. recordset ")
Strsql = "select * from [use] where userid =" & kuse & "and [use] =" & use & "and zxbz = 1"
Rs. open strsql, conn, 1, 1
If not rs. eof then
Ywfw = rs ("bm ")
Hyl = rs ("hyl ")
Glbh = rs ("glbh ")
End if
Rs. close
Set rs = nothing
Set rs = server. CreateObject ("adodb. recordset ")
Strsql = "select * from userid where userid =" & kuse & "order by id desc"
Rs. open strsql, conn, 3, 2
If not rs. eof then
Gsjj = rs ("gsjj ")
Webname = rs ("webname ")
Webdz = rs ("webdz ")
Mail = rs ("email ")
Mftel = rs ("mftel ")
Telurl = rs ("telurl ")
Dianhua = rs ("dell ")
End if
Rs. close
Set rs = nothing
Function addEntry ()
Texts = encodehtml (request ("texts "))
Phone = encodehtml (request ("phone "))
Email = encodehtml (request ("email "))
Names = encodehtml (request ("names "))
Ipp = Request. ServerVariables ("REMOTE_ADDR ")
Set rs = server. CreateObject ("adodb. recordset ")
Strsql = "select * from ly"
Rs. open strsql, conn, 3, 3
Rs. addnew
Rs ("userid") = request ("kuse ")
Rs ("use") = request ("use ")
Rs ("ip") = ipp
Rs ("texts") = texts
Rs ("phone") = phone
Rs ("email") = email
Rs ("names") = names
Rs. update
Rs. close
Set rs = nothing
Response. write ("<script language = javascript> alert (Message success !); </Script> ")
End Function
Dim
A = Request ("action ")
If a = "" Then
Else
AddEntry
End If
Conn. close
Set conn = nothing
%>
<Body leftmargin = "0" topmargin = "0">
<Table width = "703" border = "0" align = "center" cellpadding = "0" cellspacing = "0" background = "images/chat/top.jpg">
<Tr>
<Td width = "19" height = "33"> & nbsp; </td>
<Td width = "499" style = "color: # FFFFFF"> <strong> <% = request ("use") %> </strong> </td>
<Td width = "169"> & nbsp; </td>
<Td width = "16"> & nbsp; </td>
</Tr>
<Tr>
<Td height = "38"> & nbsp; </td>
<Td style = "padding-top: 10px"> to & nbsp; <strong> <% = request ("use") %> </strong> & nbsp; message </td>
<Td align = "center"> <% = request ("use") %> </td>
<Td> & nbsp; </td>
</Tr>
</Table>
<Table width = "703" border = "0" align = "center" cellpadding = "0" cellspacing = "0">
<Tr>
<Td width = "18" valign = "top"> </td>
<Td width = "485" valign = "top" bgcolor = "# FFFFFF"> <table width = "95%" height = "24" border = "0" align = "center "cellpadding =" 0 "cellspacing =" 0 ">
<Tr>
<Td width = "7%"> & nbsp; </td>
<Td width = "93%"> <font color = "#000000"> the customer service is not online. Please leave a message and I will contact you as soon as possible. </Font> </td>
</Tr>
</Table>
<Form name = "form2" method = "post" onSubmit = "return check (this);" action = "? Action = add ">

<Table width = "91%" height = "268" border = "0" align = "center">
<Tr>
<Td width = "24%" align = "center"> your name: </td>
& Lt; td width = "76%" & gt; <

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.