Wind news site management system: unauthorized access vulnerability in the API_Response.asp page

ID MYHACK58:62201027282
Type myhack58
Reporter Anonymous
Modified 2010-06-19T00:00:00


FoosunCMS is a powerful content management system built on an ASP + Access/MSSQL architecture.

In the file \API\API_Response.asp:

    If Request.QueryString <> "" Then   ' paragraph 1, line 6
        SaveUserCookie()
    Else
        Set XmlDoc = Server.CreateObject("msxml2.FreeThreadedDOMDocument" & MsxmlVersion)
        XmlDoc.ASYNC = False
        If Not XmlDoc.LOAD(Request) Then
            Status = 1
            Messenger = "data is illegal, the operation is aborted it!"
            appid = "unknown"
        Else
            If Not (XmlDoc.documentElement.selectSingleNode("userip") is nothing) Then
                UserTrueIP = XmlDoc.documentElement.selectSingleNode("userip").text
            End If
            If CheckPost() Then
                Select Case Act
                    Case "checkname"

The integration file does not check whether the integration program is enabled, so a malicious user can submit data to this file to carry out operations such as modifying or deleting users.
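A detection check for the branch shown above, added here as an example (not code from FoosunCMS or from the original advisory): it scans IIS W3C logs for requests to API_Response.asp that carry no query string, which is the path where the request body is loaded as XML, and reports senders outside an allowlist. The log lines, the allowlist and the URL path (CMS installed at the web root) are assumptions.

```python
from collections import Counter

# Assumed URL of the integration file (CMS installed at the web root).
TARGET = "/api/api_response.asp"

# Constructed sample log; addresses are documentation ranges.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-06-19 10:01:02 POST /API/API_Response.asp - 192.0.2.10 200
2010-06-19 10:01:05 GET /API/API_Response.asp x=1 198.51.100.7 200
2010-06-19 10:02:11 POST /api/api_response.asp - 203.0.113.45 200
2010-06-19 10:02:12 POST /API/API_Response.asp - 203.0.113.45 200
2010-06-19 10:03:00 GET /index.asp - 203.0.113.45 200
"""


def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def suspicious_api_requests(text, trusted_peers):
    """Return sorted (client IP, count) for body-only requests from untrusted hosts."""
    hits = Counter()
    for row in parse_w3c(text):
        # IIS paths are case-insensitive, so compare in lower case.
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        # "-" means an empty query string: the Else branch ran and the
        # request body was parsed as XML.
        if row.get("cs-uri-query", "-") != "-":
            continue
        client = row.get("c-ip", "unknown")
        if client not in trusted_peers:
            hits[client] += 1
    return sorted(hits.items())


if __name__ == "__main__":
    # 192.0.2.10 stands in for the legitimate integration peer (assumption).
    for ip, count in suspicious_api_requests(SAMPLE_LOG, {"192.0.2.10"}):
        print(f"{ip}: {count} body-only request(s) to {TARGET}")
```

On a site where the integration feature is not in use, the allowlist should be empty and any hit deserves a look.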

