Author: invincible gold record administration
Affected versions: its great foreign trade enterprise website management system Studio edition v2. 7beat
Download: http://down.chinaz.com/soft/30850.htm
① The guestbook to any user database plug horse
Vulnerability files/cn/guestbook. asp
Because download the free version, there is no guestbook, but the official website has this column, believe that genuine users should also exist, and the official website of the database path and does not modify(☆_☆)
After the test, the message data can be successfully written to the database. The most critical is the database suffix is asp it! Haha, directly in the message of the written word. Okay, the chopper is connected to the…
② The database is not do anti-download processing
Database address:\ttdata\ez_turiy_tt. asp
The direct use of Thunder download down local to find the administrator account password, login background background address:/ez-admin/index. asp
The backend can put the data into the database.
Other than that small hole. but still gotta say it!
③ Injection vulnerability
Vulnerability file:\Cn\newscat. asp
Needless to say, unfiltered, Tools Add Table: ezsusers
④ ReceptionXSScode to background execution
.。。。。。。