远古VOD是一个很不错的系统,这个注入漏洞出现很久了,现发出来,供大家研究研究,不要破坏哦!
漏洞文件webmedia/common/function/xtree.asp
关键词:
远古VOD系统 注入漏洞
〈!--#include file="../dbcon.inc.asp" -->
〈%
iNode_ID = Request.QueryString("id")
if Len(Session("SuperAdmin")) > 0 or Len(Session("LIVEAdmin")) > 0 or Len(Session("VODAdmin")) > 0 then
szSQL = "SELECT Type_ID,ParentID,TypeName FROM TypeInfo WHERE Type_ID>=20 AND ParentID=" & iNode_ID
else
szSQL = "SELECT Type_ID,ParentID,TypeName FROM TypeInfo WHERE Type_ID>20 AND ParentID=" & iNode_ID
end if
rsData.Open szSQL,con,1,3
szRetVar = ""
do while not rsData.EOF
szRetVar = szRetVar & ""
szRetVar = szRetVar & "" & rsData("Type_ID") & ""
szRetVar = szRetVar & "" & rsData("ParentID") & ""
szRetVar = szRetVar & "" & Replace(rsData("TypeName"), "&", "&") & ""
szRetVar = szRetVar & ""
rsData.MoveNext
loop
szRetVar = szRetVar & ""
rsData.Close
Response.CharSet = "GB2312"
Response.C
Response.Expires = -1
Response.Write szRetVar
%>
〈!--#include file="../dbend.inc.asp" -->
〈!--#include file="../dbcon.inc.asp" -->
〈%
iNode_ID = Request.QueryString("id")
if Len(Session("SuperAdmin")) > 0 or Len(Session("LIVEAdmin")) > 0 or Len(Session("VODAdmin")) > 0 then
szSQL = "SELECT Type_ID,ParentID,TypeName FROM TypeInfo WHERE Type_ID>=20 AND ParentID=" & iNode_ID
else
szSQL = "SELECT Type_ID,ParentID,TypeName FROM TypeInfo WHERE Type_ID>20 AND ParentID=" & iNode_ID
end if
rsData.Open szSQL,con,1,3
szRetVar = ""
do while not rsData.EOF
szRetVar = szRetVar & ""
szRetVar = szRetVar & "" & rsData("Type_ID") & ""
szRetVar = szRetVar & "" & rsData("ParentID") & ""
szRetVar = szRetVar & "" & Replace(rsData("TypeName"), "&", "&") & ""
szRetVar = szRetVar & ""
rsData.MoveNext
loop
szRetVar = szRetVar & ""
rsData.Close
Response.CharSet = "GB2312"
Response.C
Response.Expires = -1
Response.Write szRetVar
%>
〈!--#include file="../dbend.inc.asp" -->
很容易看出以上存在着DB权限注入
漏洞利用方法 :
本帖隐藏的内容需要回复才可以浏览
