Hui-Bo Shopping Mall system V6.0 does not filter input strictly, resulting in SQL injection vulnerabilities.
Vulnerability analysis: product_inc.asp, checkSQL.asp
Id = Trim(Request.QueryString("id"))
If Id="" then
End If
This only trims leading and trailing spaces. After that, the file calls checkSQL.asp, a general-purpose anti-injection filter.
Line 6 of checkSQL.asp:
Fy_Url=Request.ServerVariables("QUERY_STRING")
Needless to say, experts studied this general-purpose anti-injection script many years ago. QUERY_STRING is the raw query string and is not URL-decoded, whereas Request.QueryString("id") returns the decoded value. The exploitation process is given directly below.
Exploit:
http://URL/product.asp?%69d=1
Put this URL into an injection tool and run it directly.
Note: versions after 6.0 added the CNum function, which checks the value with IsNumeric and converts it with CLng, filtering the injection here.
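
The fix described in the note, sketched as an added example (not the vendor's code and not from the original page): the body of CNum, the open connection object conn, and the table and column names are assumptions. It validates the decoded value at the point of use instead of relying on a filter over the raw query string, then binds it as a typed parameter.

```vbscript
' Constructed sketch: the page names CNum but does not show its body.
Function CNum(ByVal raw)
    Dim s
    CNum = 0                          ' safe default for anything non-numeric
    s = Trim(raw & "")                ' coerce Empty/Null to a string
    If Len(s) = 0 Or Len(s) > 10 Then Exit Function
    ' IsNumeric also accepts forms such as "1e3" or "&H10"; what makes the
    ' result safe for SQL is that CLng returns a Long, never the input text.
    If Not IsNumeric(s) Then Exit Function
    On Error Resume Next              ' CLng raises on overflow
    CNum = CLng(s)
    If Err.Number <> 0 Then
        Err.Clear
        CNum = 0
    End If
    On Error GoTo 0
End Function

Dim Id, cmd, rs
' Request.QueryString returns the URL-decoded value, so "%69d=1" and "id=1"
' both reach this check, unlike a filter that parses the raw QUERY_STRING.
Id = CNum(Request.QueryString("id"))
If Id <= 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Bind the validated number as a typed parameter rather than concatenating it.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn      ' conn: assumed open ADODB.Connection
cmd.CommandType = 1                  ' adCmdText
cmd.CommandText = "SELECT * FROM product WHERE id = ?"   ' assumed names
cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, , Id)  ' adInteger, adParamInput
Set rs = cmd.Execute
```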