智睿管理系统修改管理任意密码漏洞后门
漏洞出在Admin_Passod.asp文件, <br /><!--#include file="../Include/conn.asp"--> <br /><!--#include file="../Include/md5.asp"--> <br /><% <br />response.expires = 0 <br />response.expiresabsolute = now() - 1 <br />response.addHeader "pragma","no-cache" <br />response.addHeader "cache-control","private" <br />Response.cachecontrol = "no-cache" <br />'========判断是否具有管理权限 <br />%> <br /><html> <br /><head> <br /><meta. http-equiv="Content-Type" content="text/html; charset=gb2312" /> <br /><title>无标题文档</title> <br /><link href="images/Admin_css.css" type=text/css rel=stylesheet> <br /></head> <br /><body> <br /><br />其实在上面的页面中加入<br /><!--#include file="Admin_check.asp"-->即可,不过不是一个页面,在admin目录中有多个页面需要添加。
頁:
[1]