Home > Cloud Computing > Cloud Security

SiteDynamic v1.6.0.1 SQL Injection 0day

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

SiteDynamic enterprise website management system v1.6.0.1 I will not talk about it much, there are not many websites used, and I helped my friends dig holes. On the Forum, xiya posted the fckeditor Upload Vulnerability. Read the Code:
001 // page/default. asp 5-122

002

003

004 <%

005 pageID = strCLng (Trim (Request ("pageID ")))

006 ID = strCLng (Trim (Request ("ID ")))

007

008 If isNumeric (pageID) = False Then

009 FoundErr = True

010 Message = Message & amp; "<li> parameter error! </Li>"

011 End If

012

013 if FoundErr <> True then

014

015 if ID = 0 then

016

017 If pageID <> 0 Then

018 set rs = server. CreateObject ("adodb. recordset ")

019 SQL = "Select * from db_channel where pageID =" & amp; pageID

020 rs. open SQL, conn, 1, 1

021 pageName = rs ("pageName ")

022 description = rs ("description ")

023 keywords = rs ("keywords ")

024 pic = rs ("pic ")

025 link = rs ("link ")

026 PageMode = rs ("PageMode ")

027 PageAmount = rs ("PageAmount ")

028 PageLine = rs ("PageLine ")

029 intro = rs ("intro ")

030

031 If Not rs. Eof Then

032 if rs ("pageID")> 0 then

033 if rs ("ChiID")> 0 then

034 strChiID = ""

035 set strrs1_conn.exe cute ("select pageID from db_channel where ParentID =" & amp; rs ("pageID") & amp; "or ParentPath like & apos;" & amp; rs ("ParentPath") & amp; "," & amp; rs ("pageID") & amp; ", % & apos ;")

036

037 do while not strRs. eof

038 if strChiID = "" then

039 strChiID = strRs (0)

040 else

041 strChiID = strChiID & amp; "," & amp; strRs (0)

042 end if

043 strRs. movenext

044 loop

045 else

046 strChiID = pageID

047 end if

048 end if

049 end If

050 rs. close

051 set rs = nothing

052

053 SQL = "select * from db_page Where pageID in (" & amp; strChiID & amp ;")"

054 Else

055 SQL = "select * from db_page where 1 = 1"

056 End If

057 else

058 SQL = "select * from db_page where ID =" & amp; ID & amp ;""

059 End if

060

061 if not (Trim (Request ("keyword") = "" or isempty (Trim (Request ("keyword") then

062 SQL = SQL & amp; "and (title like & apos; %" & amp; Trim (Request ("keyword") & amp; "% & apos; or content like & apos; % "& amp; Trim (Request (" keyword ") & amp;" % & apos;) "// bugs

063 end if

064

065 SQL = SQL & amp; "order by dateandtime desc"

066 & apos; response. write SQL

067 & apos; response. end

068 set rs = server. CreateObject ("adodb. recordset ")

069 rs. open SQL, conn, 1, 1

070

071 if ID <> 0 then

072 if Trim (rs ("PageMode") = 4 then

073 response. redirect Trim (rs ("URL "))

074 end if

075 & apos; file type

076 if Trim (rs ("PageMode") = 3 then

077 filesURL = Trim (rs ("files "))

078 If filesURL = "" Then

079 response. write "No data! "

080 End If

081 Call Getdownload (filesURL)

082 end if

083

084 srtTitle = Trim (rs ("Title "))

085 srtPageID = Trim (rs ("pageID "))

086 description = rs ("description ")

087 keywords = rs ("keywords ")

088 end if

089

090 sub getTitle ()

091 if pageID = 0 and ID = 0 then

092 response. write "full-text search"

093 elseif pageID <> 0 then

094 response. write "" & amp; pageName & amp ;""

095 elseif ID <> 0 then

096 response. write "" & amp; srtTitle & amp ;""

097 end if

098 end sub

099

100 sub getadoTitle ()

101 if pageID = 0 and ID = 0 then

102 response. write "full-text search"

103 elseif pageID <> 0 then

104 response. write "" & amp; pageName & amp ;""

105 elseif ID <> 0 then

106 doPageID = rs ("PageID ")

107 set doRs = server. CreateObject ("adodb. recordset ")

108 Set doRs = conn. Execute ("Select * From db_channel Where pageID =" & amp; doPageID)

109 response. write "" & amp; Trim (doRs ("pageName") & amp ;""

110 end if

111 end sub

112

113 sub getLocation ()

114 if pageID = 0 and ID = 0 then

115 response. write "-& amp; gt; full-text search"

116 elseif ID <> 0 then

117 call Nav (srtPageID)

118 else

119 call Nav (pageID)

120 end if

121 end sub

 

Use Code
Javascript: alert (document. cookie = "keyword =" + esc

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
sql injection sql server advanced sql injection advanced sql injection tutorial best sql injection block sql injection php automatic sql injection codeigniter prevent sql injection
Related Article
How does personal cloud security guarantee data security?
Model-driven cloud security-automating cloud security with cl...
Cloud security to achieve effective prevention of the future ...
Focus on three major cloud security areas, you know?
Decrypting Cisco type 5 password hashes
Using redis to write webshell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More