WEBSHELL箱子系统V1.0收信箱子代码漏洞分析及解决方法
<p>/admin/check.asp <br />检测后台登陆的地方 <br /><br><div class="msgheader"><div class="right"><span style="CURSOR: pointer" class="copybut"><u>复制代码</u></span></div>代码如下:</div><div class="msgborder" id="phpcode5"> <br /><!--#Include File="../conn.asp"--> <br /><!--#Include File="../inc/checkstr.asp"--> <br /><% <br />If Trim(Request.Cookies("YB_Cookies")) = "" Then <br />response.Redirect "login.asp" <br />response.End() <br />else <br />dim Rs,SQL <br />SQL = "SELECT * FROM where = '"&checkstr(Request.Cookies("YB_Cookies")("Admin_Username"))&"' and = '"&checkstr(Request.Cookies("YB_Cookies")("Admin_Password"))&"'" <br />Set Rs = YB_Conn.Execute(SQL) <br />if Rs.eof then <br />response.Redirect "login.asp" <br />end if <br />end if <br />%> <br /></div><br />这里对cookies提交没做过滤 直接 利用cookies提交工具提交账户密码为'or'1'='1 即可绕过后台登陆直接进入管理界面。 <br /></p>
頁:
[1]