AspBar V3.4漏洞公布
2457 点击·0 回帖
灯火互联
楼主
 |  | |
 | /* * author:cnryan * Subject: AspBar SQL injection Vulnerability * version: AspBar V3.4 Access */ Ku_inc/Ku_Sql.asp部分代码: <% Dim QueryData,FormData,QueryName,Name QueryData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from" FormData="<%" '没有对有危害字符过滤 cookData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from" ……略…… FormData过滤不严,request()或request.form() 可绕过。 --------------------------- so.asp导致一个注入 if request.querystring("page")="" then keywords=trim(request.form("keyword")) --------------------------- 相关处理 so_news.asp so_art.asp等文件 set rs=server.createobject("adodb.recordset") sql="select * from ku_news where shenhe=1 and (title like '%" ; keywords ; "%' or content like '%" ; keywords ; "%') " modes=request.form("modes") =========================EOF======================== | |
 |  |