Blog:www.hi.baidu.com/alonecode
1)注入漏洞:
漏洞文件:new_list.asp:
bid = trim(request("bid"))
sid = trim(request("sid"))
…
if bid<>"" then
bwhere = " and bigid="& bid &""
else
bwhere = ""
end if
if sid<>"" then
swhere = " and smallid="& sid &""
else
swhere = ""
end if
idsql="select * from lxscms_n where shenhe=1"& bwhere & swhere &" order by id desc"
表名:lxscms_u字段:qwbmuname,qwbmupwds
默認後臺:/admin
2)數據庫默認地址:
/admin/#a&_as12=b.as.mdb
修復:new_list.asp頁面過濾參數輸入。修改默認數據庫地址,做防下載處理