From: www.0855.TV
By: Mr. DzY
Date: 2011/08/25
This enterprise website system is website source code tailored to small and medium-sized enterprises. The code is published for free and may be modified and studied,
but commercial use is strictly prohibited. The system's front-end interface is clean, simple and powerful, and it is best suited to enterprise-type websites.
PS: I was busy, ran to an internet cafe and had no time to read the code, so this is only a simple look.
Default admin back end: admin/login.asp
Default database: database/%23zhiyuan_date_1003.mdb
Official site: http://www.li07.com/demo/01/
Vulnerable file: include/conn.asp
Vulnerability cause: no fault tolerance (errors are not handled)
Vulnerability exploitation:
http://www.bkjia.com/include%5cconn.asp
In addition, the author has patched the cookie injection vulnerability that existed in the previous version.
However, admin/conn.asp still does not filter characters such as *, char and %.
It may be possible to bypass the anti-injection filter with /***/ character splitting and char(101.
Anti-injection code:
' SQL injection protection code
SQL_in = "and|or|on|in|select|insert|update|delete|exec|declare|'"
' Filter the GET method (query string) ------------------------------------------
SQL = Split(SQL_in, "|")
If Request.QueryString <> "" Then
    ' Check every query-string parameter against every blacklisted token
    For Each SQL_Get In Request.QueryString
        For SQL_Data = 0 To UBound(SQL)
            If InStr(LCase(Request.QueryString(SQL_Get)), SQL(SQL_Data)) <> 0 Then
                Response.Write "<SCRIPT>alert('contains invalid characters. Please enter it again!');history.go(-1);</SCRIPT>"
                Response.End()
            End If
        Next
    Next
End If
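
For comparison with the "no fault tolerance" cause and the keyword blacklist above, here is a hardened connection include with a parameterized query. This is an added example, not code from the original post or from the vendor. The database path /database/site.mdb, the table news, its columns and the function GetNewsById are hypothetical placeholders.

```asp
<%
' Added example: hardened include/conn.asp (not the vendor's code).
' The database path, table and column names are hypothetical placeholders.
Const adInteger = 3, adParamInput = 1, adCmdText = 1   ' standard ADO constants

Dim conn, dbPath
' Resolve from the site root so the result does not depend on which URL
' was used to reach this include.
dbPath = Server.MapPath("/database/site.mdb")
Set conn = Server.CreateObject("ADODB.Connection")

On Error Resume Next          ' fault tolerance: trap the error locally
conn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & dbPath
If Err.Number <> 0 Then
    Err.Clear
    ' Generic message only: no file path, provider or driver text is returned
    Response.Status = "500 Internal Server Error"
    Response.Write "Service temporarily unavailable."
    Response.End
End If
On Error GoTo 0

' Returns a recordset for one row, or Nothing when the id is not a plain
' integer. The value is bound as a typed parameter, so it is never parsed as
' SQL and no keyword blacklist is needed.
Function GetNewsById(rawId)
    Dim re, s, cmd
    Set GetNewsById = Nothing
    s = Trim(rawId & "")                 ' force a string, tolerate Empty
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"             ' allow-list: digits only, fits in a Long
    If Not re.Test(s) Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT title, content FROM news WHERE id = ?"
    cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , CLng(s))
    Set GetNewsById = cmd.Execute
End Function

' Usage: the same function serves GET, POST and cookie values alike.
' Dim rs : Set rs = GetNewsById(Request.QueryString("id"))
' If rs Is Nothing Then Response.Status = "400 Bad Request" : Response.End
%>
```

Because the value is bound as a parameter rather than concatenated into the SQL string, the check no longer depends on which characters or keywords a blacklist happens to contain.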