This is a broken system. If you change the model, you will be charged for it.
The junk system also encrypts the source horse.
A large number of vulnerabilities
Back-end (admin) login verification file:
<!--#include file="conn.asp"-->
<!--#include file="../class/Config.asp"-->
<!--#include file="inc/md5.asp"-->
<!--#include file="../class/Ubbsql.asp"-->
<%
Dim sql, rs
Dim username, password, CheckCode
username = Replace(Trim(Request("username")), "'", "")
password = Replace(Trim(Request("password")), "'", "")
CheckCode = Replace(Trim(Request("CheckCode")), "'", "")
The page above does not load the anti-injection include. In addition, parameters are received with the generic Request collection, with no restrictions, so injection works across the board.
2. Injection on the front-end page
<% Owen = Request("id") %>
<%
id = CStr(Request("id"))
Set rsnews = Server.CreateObject("ADODB.RecordSet")
sql = "update news set hits = hits + 1 where id=" & id
conn.execute sql
You can use injection to transfer data. I didn't see any other pages.
Next, the ways to get a shell from the admin back end.
1. The upload vulnerability allows you to upload files.
2. There are no restrictions on database backup. Upload an image file carrying a web shell (an "image horse") and back it up.
3. The website configuration, into which a shell statement that closes the surrounding syntax can be inserted.
Fix: Filter
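
One way to apply the fix to the front-end hit counter shown above, as an added example that is not the CMS's own code: allow-list the id and bind it as a typed parameter instead of concatenating it into the SQL. It assumes conn is the open ADODB.Connection that the page's existing include provides.

```asp
<%
' Added example, not the CMS's code.
' Assumption: conn is an open ADODB.Connection set up by the
' page's existing include (conn.asp in the excerpt above).

' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1
Const adExecuteNoRecords = 128

Dim rawId, re, id, cmd

' Read from one named collection instead of the generic Request(),
' which also searches Form, Cookies and ServerVariables.
rawId = Trim(Request.QueryString("id"))

' Allow-list: 1 to 9 decimal digits and nothing else.
' Stripping single quotes does not help here, because the id is
' used in a numeric context where no quote is needed.
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
id = CLng(rawId)   ' at most 9 digits, so it always fits in a Long

' Bind the value as a typed parameter; it never becomes SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "update news set hits = hits + 1 where id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```

The same pattern (named collection, allow-list, bound parameters) applies to the username and password lookups in the back-end login file.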