Dusty Yajitang Graphic System Multiple Pages There is a SQLINJECTION vulnerability

zhaozj2021-02-16  96

I am in the dusty graphics system v3.0 (boiling revision) Build20030123 version discovery

After the field test, this vulnerability is also present. Just modify the version of the password with MD5 encryption

There is a vulnerability page: type.asp, special_news.asp (may have, due to time relationship, I don't look at ^ _ ^)

Determine the page of the vulnerability: Type.asp, I use this page SQLINJECTION to get the background permissions of a school website. However, in the background management, the ASP file cannot be uploaded, and the previous time the network explodes the file upload vulnerability. I don't know if I can use it. I still hope that the expert guidance

Vulnerability Cause: No filtered URL parameters

About the specific use of the SQLINJECTION vulnerability, huh, huh, the information online is, there is not much to say

转载请注明原文地址:https://www.9cbs.com/read-11138.html

New Post(0)