Mao hongliang personal website management system v1.0.0 contains backdoor + injection + editor Defects

By Jin chuangyao
 
Affected Versions: Mao hongliang personal website management system v1.0.0
: Http://down.chinaz.com/soft/30614.htm
 
Let's talk about this system first. The author seems to be very narcissistic. The message book is full of things like Daniel and niuqiang. In addition, all the preset photos on the system are from the author. Not Installation
 
I found that his website system had left a backdoor, but it was not ruled out that the website was left by the author, but it was still quite evil.
 
① Backdoor address \ Edit \ EDIT \ images \ 2-13.asa
 
The location is hidden and put in the image directory of the editor.
 
Password: baojuhua)
 
② Injection Vulnerability
Vulnerability file: \ article \ index. asp
Vulnerability code:
Cat_id = request ("class_id ")
Dim rs, SQL
SQL = "select Article_id, Article_Title, Article_count, Article_date, Article_Red, cat_id from Article"
Obviously, it is not filtered out. This vulnerability is included in the author's main site, and the Administrator account and password can be easily guessed by pangolin. I just couldn't find the background ..... If the who has a large dictionary, try it.
Vulnerability file:/soft/index. asp www.2cto.com
Vulnerability code:
<%
Cat_id = request ("class_id ")
Sqlcount = "select count (soft_id) as cp from soft"
If cat_id <> "" Then
Sqlcount = sqlcount & "where cat_id =" & cat_id
End if
Set rscount = Server. CreateObject ("ADODB. RecordSet ")
Rscount. Open sqlcount, conn, 1, 1
%>
Basically the same as above
 
Other vulnerability files:
/Book/index. asp
/Jscode/index. asp
/Music/index. asp
 
③ Editor Version
Background logon address/Edit/EDIT/login. asp
Default password admin
It seems that the database has not been found. Later I found that the password was saved in the editor configuration file.
Configuration file address: \ Edit \ asp \ config. asp
 
The following is simple: Add a style sheet, followed by the same style ....