DVBBS 7.0 SP2 Baby Studio modified edition: the killcache.asp vulnerability

xiaoxiao, 2021-03-06

---------- Baishi

F. W in X No. 9 pointed out a method of using key.asp in the DVBBS Datang Community Beautification Edition to change the administrator password and break into DVBBS. I had not expected to run into the DVBBS Baby Studio modified edition and find a plug-in called killcache.asp in it. The difference is that the new-account and change-password functions are gone (Figure 1): from the interface you can see that the author made Killcache a tool for clearing the cache, and there is nothing like "delete this file right away after you remember it, don't leave a back door." I was about to give up when I noticed: why is this the same as the interface of the key.asp plug-in in the Datang Community Beautification Edition?! Could it be a modified version based on key.asp...

First I tried it in the address bar: killcache.asp plus the Action=ChangePsw that the key.asp plug-in in the DVBBS Datang Community Beautification Edition uses to modify the administrator password. No, in the Datang Community Beautification Edition the Winsock packet is submitted to it with NC.

Appending killcache.asp?Action=ChangePsw to the forum URL actually brought up the same administrator password modification interface as key.asp (Figure 2).

Appending killcache.asp?Action=newpsw to the forum URL brings up the new-account interface (Figure 3).

Sweat!! It really does seem to be a modified version based on key.asp. The author is not Rainy Tears, but the new-account and change-password buttons were taken away, and passing it off as an administrator tool is even more frightening...

As with searching for key.asp in the DVBBS Datang Community Beautification Edition: the forum's initial account is admin. Append killcache.asp?Action=newpsw to the forum URL to create a new account; if admin does not exist, it returns the newly created user name and password.

If admin does exist, append killcache.asp?Action=ChangePsw to the forum URL and modify the password of that or another administrator account.
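As an added example, not code from the original post: a small scanner for IIS W3C extended log lines that flags requests invoking the Action=newpsw and Action=ChangePsw handlers of key.asp or killcache.asp, the two plug-in files named above, so a webmaster can check whether either back door has been exercised. The log lines are constructed and the field order is read from the log's own #Fields: directive.

```python
"""Scan IIS W3C extended log lines for requests that invoke the
unauthenticated account actions exposed by key.asp / killcache.asp."""
from urllib.parse import parse_qs

# Plug-in files and Action values described on this page.
BACKDOOR_FILES = {"key.asp", "killcache.asp"}
BACKDOOR_ACTIONS = {"changepsw", "newpsw"}


def scan_iis_log(lines):
    """Return (client_ip, uri_stem, action, status) for every hit.
    Field positions come from the log's #Fields: directive."""
    fields = None
    hits = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        cols = line.split()
        if len(cols) != len(fields):
            continue  # truncated or malformed line, skip it
        rec = dict(zip(fields, cols))
        stem = rec.get("cs-uri-stem", "").lower()
        if stem.rsplit("/", 1)[-1] not in BACKDOOR_FILES:
            continue
        # IIS writes "-" for an empty query; parse_qs() yields {} for it.
        query = parse_qs(rec.get("cs-uri-query", "").lower())
        for action in query.get("action", []):
            if action in BACKDOOR_ACTIONS:
                hits.append((rec.get("c-ip"), stem, action, rec.get("sc-status")))
    return hits


# Constructed sample log (not from a real server): a normal page view, an
# account-creation attempt, a password-change attempt, and a plain
# cache-clear call that carries no Action parameter.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2005-03-06 10:00:01 GET /bbs/index.asp - 192.0.2.10 200
2005-03-06 10:00:07 GET /bbs/killcache.asp Action=newpsw 198.51.100.7 200
2005-03-06 10:00:09 POST /bbs/killcache.asp Action=ChangePsw 198.51.100.7 200
2005-03-06 10:00:12 GET /bbs/killcache.asp - 192.0.2.10 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print("suspicious:", hit)
```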

Finally, a reminder to webmasters: do not blindly pick beautification and modification editions while ignoring security, which matters most of all.

Please cite the original address when reposting: https://www.9cbs.com/read-117051.html
