emseasy easy through the enterprise website system, the latest injection vulnerability and fix-vulnerability warning-the black bar safety net

ID MYHACK58:62201132479
Type myhack58
Reporter 佚名
Modified 2011-11-30T00:00:00


Easy to pass business website system latest injection vulnerabilities.

Injection EXP:


Directly on Havij the inside run. 错误 关键字 :online.gif

Add the table name: cmseasy_user

List: userid,username,password

Baidu keywords: Powered by CmsEasy

Fix: to include. the php page to filter the corresponding input