Affected version: Hui-Bo Shopping Mall system V6.0
Vulnerability description: injection vulnerability
Author: m4r10 <http://hi.baidu.com/m4r10>. If reproduced, please credit the source.
Vulnerability analysis: product_inc.asp, checkSQL.asp
product_inc.asp only trims the leading and trailing spaces; after that, the file calls checkSQL.asp, the general-purpose anti-injection script.
Line 6: Fy_Url=Request.ServerVariables("QUERY_STRING")
This needs no further comment: experts studied this general-purpose anti-injection script many years ago. The exploitation process is given directly below.
Exploit:
Feed <http://URL/product.asp?%69d=1> to an injection tool and run it directly.
Note: versions after 6.0 added a CNum function that checks the value with IsNumeric and converts it with CLng, which filters the injection here.
The other day a user on the black hat forum asked for this and I did not give the exploitation method. Last night I wrote up this analysis process and today I am publishing it. It is very simple.
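The mismatch behind this issue and the numeric check noted for later versions, modeled in Python as an added example (not code from the original advisory or from the Hui-Bo project). It assumes the filter works on the raw, undecoded QUERY_STRING as line 6 indicates; the function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qs


def raw_filter_params(query_string):
    """Model of a filter that splits the raw QUERY_STRING (no percent-decoding)."""
    params = {}
    for pair in query_string.split("&"):
        if "=" in pair:
            name, value = pair.split("=", 1)
            params[name] = value
    return params


def app_params(query_string):
    """What the application reads: names and values after percent-decoding."""
    parsed = parse_qs(query_string, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def uncovered_params(query_string):
    """Decoded parameter names the raw-string filter never saw under that name.

    A non-empty result means the filter and the application disagree about
    which parameters exist; it is also a useful anomaly to flag in request logs.
    """
    return set(app_params(query_string)) - set(raw_filter_params(query_string))


def cnum(value, default=0):
    """Integer-only coercion in the spirit of the later CNum fix.

    Assumption: stricter than VBScript's IsNumeric (no decimals or exponents);
    the range check mirrors the 32-bit Long that CLng produces.
    """
    text = (value or "").strip()
    if re.fullmatch(r"[+-]?[0-9]{1,10}", text):
        number = int(text)
        if -2**31 <= number <= 2**31 - 1:
            return number
    return default


if __name__ == "__main__":
    for qs in ("id=1", "%69d=1", "%69d=1&page=2"):  # constructed samples
        print(qs, "->", sorted(uncovered_params(qs)), cnum(app_params(qs).get("id")))
```

Validating the decoded value at the point of use, as `cnum` does, holds regardless of how the parameter name was encoded in the request.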