Letravel travel website management system v1.10 Vulnerability

This article can exchange http://bbs.2cto.com/read.php with the author here? Tid = 89185

Code by Link [xinxin technology] Blog site: www.link0day.cn xinxin technology web site: www.cchacker.com

Forum id: original works of the Link red black customer Alliance (www.2cto.com). For more information, see


Body:
Recently, I helped some organizations with key, so I ran to Webmaster to find some source code for demo.
The problem also arises:
Software name: Travel travel website management system
Lelvw
Software Version: V1.1.0
Software type: free version
Release date: 2009.06.27


For the new system yesterday, we will put it in a white box ~ When I saw the features and advantages, I found the following:
5. Unlimited accounts. You can add, modify, or delete user accounts at will.


Since the version is v1.10, there should be an update, which officially says:
Update 2009.6.27


1. added a security filter function set for SQL Injection prevention.
2. added the car rental template function.
3. garbled background function correction
4. added the internal page search function.
5. The homepage framework is newly positioned.
6. added comments system functions


In fact, this program does filter out a lot and reports an error for any character to be submitted ~
This system also has some meanings. Basically, all the files contain the anti-injection file conn. asp. Let's take a look:
<% #@~ ^ 9 wUAAA = 7 #@ & 79 ksPmKx SmKxU/DDS9mYl # @ & d9k:, j} S | k LS ?} J | MnYBjpd {9CDl ~ J5 ^ {KWkO, ##@ & I? 5S {bxN ~, /2VbYc9mYlgd; ^ ~ J-Eb @ # @ & d & 0 ~ In5! + DYc} EDzjDDkUL @! @ * EJ, P4 + U #& isWMPACm4Pjpd {! NDPq ~ I; EdOR5EDz? O. bxL @ # @ & 7sKD ~ J5S {9 CDlx !, PKPi (W! XNv? 5J {bx % ###@ & 7r6Pk dym'i5; + kYcp; +. zUY. k L 'upjmv + YbSU; s {& UN 'J $ V | fb: B * B @ * ZPPtx #@ & iI + k2W/+ c. kD +, J @!? ^. BwOPdCxTECLLC-m/^ Db2D @ * C ^ + MY 'E note: please do not submit illegal requests! -UYDwlzJAAcS + ^-hcZWsvbi4kkYGDz (l ^ 3vRF *@! & J1Dk2O @ * J @ # @ & I]/2Kxk + Rx9c ##@ & 7 + N ~ R6 @ # @ & iU + XY @ # @ & 7 H + XY @ # @ & 72U [, qW @ # @ & 7q6P] n $ E + dOcsGDs @! @ * JE, K4 + x @ # @ & ioWMP3l1t ~ J $ V {hG/DPq ~] + $ E/ORoGM: @ # @ & ioWMPj} d {fCOmTP: G, j8KE n'updmk Lb # @ & drW, kxkODvI + $; N/DRwW.: cj $ VmnKdY *~ J5 ^ {qU % v? 5 v | 9zK )*#@*! P: tU @ # @ & d] + kwGUk + Rq. kD + Pr @! JmMkaY ~ SCUTECoxLmCd1Dk2O @ * ls + MOvB Note: Do not submit illegal requests! W CDYw = zJ hSRJ + ^ A; W: Ebi4k/DG. Xc4mmV 'rq *@! &? 1. kaY @ * E @ # @ & d] nkwGxknc + u9' * @ # @ & I + [Pb0 @ # @ & ixnad@#@ & iU + XY @ # @ & 7nx9Pb0 ~ ##@ & 7b0 ~? $ S1KPxq, YtnU # @ & 7r ~ D. KD, D + kEsnP + aY @ # @ & 7jYP; Gx ?. -+ MR; DnlOn} 4% + 1O 'rb [G94R/G xnmDrKxE * # @ & dZKx jYMEn "r # (G2I {jpdrSA9 $ iGb: B ~? 6i "Z38 + Gc! TcFii (GdlpKqfxpfzKb ~ BU3 ^ + sSJ ~ ##@ & DZKUxcWwU ~ ZKx? OD @ # @ & I + s/@ # @ & ifCOmJEUkO + hCDtrfmYl ~ Lknzr [9 lDlHCs + [rE @ # @ & dW ~ NDMWMP. + d; s ++ ~ XaY @ # @ & 7jYP ^ G x ~, JD-DcZDlDnr (LnmD 'E) Grf ~ ZKxx ^ OkKxr ###@ & 7 ^ KxU/D. rN85 {J_jnMDcmwKmY4 'fmymb _ ri [+ 6l; sDNkMxi9Dk7n. P: bm. WdG6Y ~ L1 ^ + k /~ [Mk ., 'Mrs [(# NpEbNpwmd/SW. N {X $8 &; 1 ^ 6x43ir # @ & d1W x r2n P ^ w u/DD # @ & I + x [~ B0 ##& iqW, 2MDP: tU #@& dnDMR/slD #@ & dU + Y, /Gx P {PHWO4bxL # @ & 7I/2G/+ MkO +, E @! Nr7PkYX ^ + {v: mDLk) qTZw6pWW YOkr "+ = FWwaiOnXYRl ^ ro) ^ n Y +. v @ * database connection error. Check whether the Database Name and path are correct. @! & Nb-@ * J # @ & d "+/aW d + c2UN # @ & 73 NP & W # @ & 87 QBAA == #~ @ %>


If the code is encoded, use a simple tool to decrypt the Code as follows:

<%
&