逍遥网店系统漏洞

2009, November 15, 10:01 PM. 漏洞集研
Submitted by admin

漏洞代码开始处
sub checklogin()
set rscheck=conn.execute("select * from buser where UserId='"&欢迎使用.cookies("buyok")("userid")&"'")
if rscheck.eof and rscheck.bof then
response.write "<script language='javascript'>"
response.write "alert('对不起,您还没有注册或登陆。');"
response.write "location.href='javascript:history.go(-1)';"
response.write "</script>"
response.end
end if
set rscheck=nothing
end sub
function checkuserkou()
if 欢迎使用.cookies("buyok")("userid")="" then
checkuserkou=10
else
checkuserkou=欢迎使用.cookies("buyok")("userkou")
if 欢迎使用.cookies("buyok")("userkou")="" then checkuserkou=10
end if
end function
sub aspsql()
end sub
sub buyok_check_path()
end Sub
'漏洞代码结束

利用方法

admin/upload.asp?fuptype=db&fupname=shopbackup&frmname=db.asp

上传GIF后缀的ASP木马,然后COOKIE欺骗后台备份数据库抓包,再然后修改数据包备份上面传上去的马。Over

« 上一篇 | 下一篇 »

Trackbacks
点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5
发表评论

评论内容 (必填):