仙遊旅行社管理系統v1.0漏洞及修復 - 漏洞發佈 京華志

 Author:mer4en7y
Blog:www.hi.baidu.com/alonecode
1)注入漏洞：
漏洞文件:new_list.asp:
bid = trim(request("bid"))
sid = trim(request("sid"))
…
if bid<>"" then
bwhere = " and bigid="& bid &""
else
bwhere = ""
end if
if sid<>"" then
swhere = " and smallid="& sid &""
else
swhere = ""
end if
idsql="select * from lxscms_n where shenhe=1"& bwhere & swhere &" order by id desc"
表名:lxscms_u字段:qwbmuname,qwbmupwds
默認後臺:/admin

2)數據庫默認地址:
/admin/#a&_as12=b.as.mdb

修復：new_list.asp頁面過濾參數輸入。修改默認數據庫地址，做防下載處理

www.jinghuazhi.com