EvilOctal Security Team Technical Discussion Group's Archiver

心灵港湾 2005-9-17 09:08

[Repost] Dvbbs forum (DVBBS): injection vulnerability in the logout.asp page

logout.asp:
/--------------------------------------------------------------------------
<!--#include file="conn.asp"-->

<!--#include file="inc/const.asp"-->

<%
dim activeuser
' username is read straight from the client-controlled "aspsky" cookie
membername=request.cookies("aspsky")("username")
if session("userid")<>"" then
activeuser="delete from online where id="&session("userid")
Conn.Execute activeuser
end if
if membername<>"" then
' the cookie value is concatenated into the SQL string with no filtering at all
activeuser="delete from online where username='"&membername&"'"
Conn.Execute activeuser
end if
Response.Cookies("aspsky").path=cookiepath
Response.Cookies("aspsky")("username")=""
Response.Cookies("aspsky")("password")=""
Response.Cookies("aspsky")("userclass")=""
Response.Cookies("aspsky")("userid")=""
Response.Cookies("aspsky")("userhidden")=""
Response.Cookies("aspsky")("usercookies")=""
session("userid")=""
conn.close
set conn=nothing
response.redirect("index.asp")
%>
/--------------------------------------------------------------------------
Because the logout.asp page in the program does not do proper filtering for
activeuser="delete from online where username='"&membername&"'", the problem arises.
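The post above only states that membername is concatenated into the DELETE unfiltered. The following is an added example, not DVBBS code and not from the original post, that rebuilds the same string concatenation in Python over an in-memory SQLite table (a constructed stand-in for the forum's `online` table; the real product ran on Access or SQL Server) so the effect of a cookie value containing a single quote can be seen, and places it next to two hardened variants: quote doubling, which is the minimal change that fits the original ASP (`Replace(membername, "'", "''")`), and a bound parameter. The table layout, sample rows and function names are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample contents of the "online" table that logout.asp deletes from.
SAMPLE_ROWS = [(1, "alice"), (2, "bob"), (3, "carol")]


def fresh_db():
    """Create an in-memory stand-in for the forum's online-users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table online (id integer, username text)")
    conn.executemany("insert into online values (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def remaining(conn):
    """Usernames still present, in id order."""
    return [r[0] for r in conn.execute("select username from online order by id")]


def build_vulnerable_sql(membername):
    """Mirror the concatenation in logout.asp:
    activeuser="delete from online where username='"&membername&"'"
    The cookie value lands inside the quotes untouched."""
    return "delete from online where username='" + membername + "'"


def logout_vulnerable(conn, membername):
    """Behaves like Conn.Execute activeuser: runs whatever the string became."""
    conn.execute(build_vulnerable_sql(membername))
    conn.commit()
    return remaining(conn)


def build_escaped_sql(membername):
    """Same concatenation, but every single quote in the cookie value is doubled
    first, so it cannot close the string literal. This is what
    Replace(membername, "'", "''") would do in the ASP page (assumed fix, not
    the vendor's)."""
    return "delete from online where username='" + membername.replace("'", "''") + "'"


def logout_escaped(conn, membername):
    conn.execute(build_escaped_sql(membername))
    conn.commit()
    return remaining(conn)


def logout_parameterized(conn, membername):
    """Preferred form: the value is bound as data and never parsed as SQL
    (ADO Command parameters are the equivalent in classic ASP)."""
    conn.execute("delete from online where username=?", (membername,))
    conn.commit()
    return remaining(conn)


if __name__ == "__main__":
    # Normal logout: only the named user's row goes away.
    print(logout_vulnerable(fresh_db(), "bob"))
    # A cookie value that closes the literal turns the WHERE clause into
    # username='x' or '1'='1', which matches every row.
    payload = "x' or '1'='1"
    print(build_vulnerable_sql(payload))
    print(logout_vulnerable(fresh_db(), payload))
    # Both hardened versions treat the same value as a literal username.
    print(logout_escaped(fresh_db(), payload))
    print(logout_parameterized(fresh_db(), payload))
```

Run it as a script: the first call removes only `bob`, the unfiltered call with the quote-bearing value empties the table, and both hardened calls leave all three rows in place because no user is literally named `x' or '1'='1`. Quote doubling is enough for this specific string context, but it is fragile (it does nothing for numeric contexts such as the `id=` branch a few lines above), which is why the bound-parameter form is the one to keep.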

hb6106 2005-9-17 11:53

You must be talking about dvbbs7.0!! In dvbbs7.10 it looks like this: activeuser="delete from Dv_online where username='"&Session(Dvbbs.CacheName & "UserID")(5)&"'"

© 1999-2008 EvilOctal Security Team