Letravel travel website management system v1.10 Vulnerability

Source: Internet
Author: User
Tags: sql injection prevention

This article can be discussed with the author here: http://bbs.2cto.com/read.php?tid=89185

Code by Link [xinxin technology] Blog site: www.link0day.cn xinxin technology web site: www.cchacker.com

Forum id: original works of the Link red black customer Alliance (www.2cto.com). For more information, see


Body:
Recently, I helped some organizations with key, so I ran to Webmaster to find some source code for demo.
The problem also arises:
Software name: Travel travel website management system
Lelvw
Software Version: V1.1.0
Software type: free version
Release date: 2009.06.27


The system was new as of yesterday, so we put it through a white-box review ~ When I saw the features and advantages, I found the following:
5. Unlimited accounts. You can add, modify, or delete user accounts at will.


Since the version is v1.10, there should be an update, which officially says:
Update 2009.6.27


1. Added a security filter function set for SQL injection prevention.
2. Added the car rental template function.
3. Garbled background function correction.
4. Added the internal page search function.
5. The homepage framework is newly positioned.
6. Added comment system functions.


In fact, this program does filter out a lot, and it reports an error for any character that is submitted ~
This system is also somewhat interesting. Basically, every file includes the anti-injection file conn.asp. Let's take a look:


Since the code is encoded, use a simple tool to decode it; the result is as follows:

<%
&
