This vulnerability also exists in the latest program version, 3.5. A successful test against the official website gives access to server permissions.

1. The following page has an injection point:
http://demo2.siteserver.cn/LiveFiles/Pages/Inner/count.aspx?ModuleType=Count&UserModuleClientID=login&userName=friends%27%20and%20%27=%271%

2. Note:

3. Here, there are two branches available:

(1) Directly use the database security configuration problems to read directories, write a shell and write other files. In any case, this uses the database to write files to the web directory or to a non-web directory.

(2) Read the administrator account password and log on to the background to add a template. Add a single-file aspx template directly.

Ps: The management password is encrypted. It doesn't matter. We can insert a password to retrieve the password on the background login page (the encryption method is reversible and friendly).
Then, the shell is written through the background plug-in. The diagrams may be messy, and various subdomain names are available. Because most of the subdomain names on the official website have this vulnerability, I did not want to publish the main site www.siteserver.com here. After all, an open-source CMS is not the same as a single site: once published, users may be affected. Therefore, we hope this is made public cautiously and that the vendor promptly urges users to update their programs.

Solution: This vulnerability exists in the latest version, 3.5. What can I do? I have learned Fine Arts and have no idea how to prevent injection, but I know that deleting /LiveFiles/Pages/Inner/count.aspx must be powerful, and I cannot forget the security.
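Until the page is patched or removed, requests of the kind described above can be spotted in the web server logs by decoding the userName parameter sent to count.aspx. The following is an added example, not code from the original advisory or from SiteServer; the log lines are constructed, and the IIS W3C field layout and the keyword list are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote_plus

# Page named in the advisory; IIS paths are case-insensitive, so compare lowercased.
TARGET_PATH = "/livefiles/pages/inner/count.aspx"
# Quotes, statement separators, comment markers and SQL keywords have no place in a user name.
SUSPICIOUS = re.compile(r"['\";]|--|/\*|\b(and|or|union|select|exec)\b", re.I)

# Constructed IIS W3C log lines (not taken from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2000-01-01 10:00:01 GET /LiveFiles/Pages/Inner/count.aspx ModuleType=Count&UserModuleClientID=login&userName=friends 198.51.100.7 200
2000-01-01 10:00:09 GET /LiveFiles/Pages/Inner/count.aspx ModuleType=Count&UserModuleClientID=login&userName=friends%27%20and%20%271%27=%271 203.0.113.5 200
2000-01-01 10:00:12 GET /index.aspx id=3 198.51.100.7 200
2000-01-01 10:00:15 GET /livefiles/pages/inner/COUNT.ASPX ModuleType=Count&username=bob%2527 203.0.113.5 500
"""

def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (%2527 -> %27 -> ') so encoded quotes are not missed."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious(log_text):
    """Return (client_ip, decoded userName) for flagged requests to the target page."""
    hits, fields = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-uri-stem", "").lower() != TARGET_PATH:
            continue
        # ASP.NET query-string keys are case-insensitive, so normalise them.
        params = {k.lower(): v for k, v in parse_qs(rec.get("cs-uri-query", "")).items()}
        for raw in params.get("username", []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((rec.get("c-ip", "?"), value))
    return hits

if __name__ == "__main__":
    for ip, value in find_suspicious(SAMPLE_LOG):
        print(f"{ip}\tuserName={value!r}")
```

The same pattern can be used as a temporary request filter in front of the application, but it does not replace fixing the query in count.aspx or removing the page.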