漏洞文件
1:user/changeinfo.asp

<!--#include file="config.asp"-->
<!--#include file="check.asp"-->
<!--#include file="../inc/md5.asp"-->
<!--#include file="../inc/chkinput.asp"-->
<!--#include file="../api/cls_api.asp"-->
<!--#include file="head.inc"-->
================省略部分代码==============================================
<%
End If
Rs.Close:Set Rs = Nothing
End If
If Founderr = True Then
Call Returnerr(ErrMsg)
End If
Sub ChangeUserInfo()
On Error Resume Next
Dim username, password,userid
Dim usersex,sex
username = Newasp.CheckBadstr(Newasp.membername)
userid = Newasp.ChkNumeric(memberid)
If Newasp.CheckPost=False Then
ErrMsg = ErrMsg + Postmsg
FoundErr = True
Exit Sub
End If
If Newasp.IsValidPassword(Request.Form("answer")) = False And Trim(Request.Form("answer")) <> "" Then
ErrMsg = ErrMsg + "<li>密码问题答案中含有非法字符!</li>"
Founderr = True
End If
If Trim(Request.Form("username")) <> username Then
ErrMsg = ErrMsg + "<li>非法操作!</li>"
Founderr = True
End If
If Trim(Request.Form("password")) = "" Then
ErrMsg = ErrMsg + "<li>请输入用户密码!</li>"
Founderr = True
Else
password = md5(Request.Form("password"))
End If
If userid = 0 Then
FoundErr = True
ErrMsg = ErrMsg + "<li>Sorry!您选择了错误的系统参数。</li>"
Exit Sub
End If

If Trim(Request.Form("nickname")) = "" Then
ErrMsg = ErrMsg + "<li>用户昵称不能为空!</li>"
Founderr = True
End If
If Newasp.IsValidStr(Request.Form("nickname")) = False Then
ErrMsg = ErrMsg + "<li>用户昵称中含有非法字符!</li>"
Founderr = True
End If
If Trim(Request.Form("TrueName")) = "" Then
ErrMsg = ErrMsg + "<li>真实姓名不能为空!</li>"
Founderr = True
End If
If Newasp.IsValidStr(Request.Form("TrueName")) = False Then
ErrMsg = ErrMsg + "<li>真实姓名中含有非法字符!</li>"
Founderr = True
End If
If Trim(Request.Form("usermail")) = "" Then
ErrMsg = ErrMsg + "<li>您的Email不能为空!</li>"
Founderr = True
End If
If IsValidEmail(Request.Form("usermail")) = False Then
ErrMsg = ErrMsg + "<li>您的Email有错误!</li>"
Founderr = True
End If
If Not IsNumeric(Request.Form("oicq")) And Trim(Request.Form("oicq")) <> "" Then
FoundErr = True
ErrMsg = ErrMsg + "<li>QQ号码请用数字填写。</li>"
End If
If Trim(Request.Form("HomePage")) <> "" And Left(Request.Form("HomePage"),7) <> "http://" Then
FoundErr = True
ErrMsg = ErrMsg + "<li>个人主页地址输入有误,请以“http://”开头。</li>"
End If
If Not Newasp.CodeIsTrue() Then
ErrMsg = ErrMsg + "<meta http-equiv=""refresh"" content=""2;URL=changeinfo.asp""><li>验证码校验失败,请返回刷新页面再试。两秒后自动返回</li>"
Session("GetCode") = ""
Founderr = True
Exit Sub
End If
Session("GetCode") = ""
If Trim(Request.Form("usersex")) = "" Then
ErrMsg = ErrMsg + "<li>您的姓别不能为空!</li>"
Founderr = True
Else
usersex = Newasp.CheckBadstr(Request.Form("usersex"))
End If
If usersex = "女" Then
sex = 0
Else
sex = 1
End If

If Founderr = True Then Exit Sub
Set Rs = Server.CreateObject("ADODB.RecordSet")
SQL = "Select * FROM [NC_user] Where username='" & username & "' And user>

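这样就方便多了。不过 paymode 这个字段貌似限制最多只能提交 70 个字符,但也够我们调用 JS 之类的了;貌似盗了 Cookie 就可以直接欺骗后台吧?呵呵。(注:上面贴出的代码在 SQL 语句处被截断,paymode 的处理部分没有贴出来;从描述看,问题应该是该字段入库后在输出时没有做 HTML 编码,属于存储型 XSS,修复时应在输出处统一编码,并给会话 Cookie 加上 HttpOnly。)

官方的后台原来是 newasp_admin,后来喊他改了,HOHO,漏洞也补了。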

没什么技术含量,纯属娱乐,别见笑哈。
