1. Station Program type: Aspx+mssql
2. Vulnerability type: SQL injection
3. defect file: Login.aspx
4. Injection parameters: appsecret=
5. It involves the version number: Full version
7, the degree of harm: high risk
8, participation: XXX (XXX) official website | Shanghai XX Information Technology Co., Ltd.
9, manufacturer site: http://www.ecsxxxxx.cn
10, installation capacity: Very large
11. Do you have source code analysis: No
12, keyword:inurl:NewsIndex.aspx?
Pkid=
13, whether the default configuration: Yes
14. Enumeration case "The requirements of the cloud, enumeration of 5 cases":
"Disclaimer: All of the cases provided below prove to be generic in one respect. On the one hand is to CNVD or Cncert test, other people may not use this for illegal use or sabotage operation. Otherwise the consequences are self-<br/>
Http://www.***.net/login.aspx? appsecret=
http://www.***zx.com/login.aspx?appsecret=
http://www.***x.com/login.aspx?appsecret=
http://www.t***t.com/login.aspx?appsecret=
Http://www.p***.net/login.aspx? appsecret=
..... Wait a minute
Copyright notice: This article blog original articles, blogs, without consent, may not be reproduced.
Generic Vulnerability and submit format description