Network fun online shopping system flagship version(free version)SQL injection vulnerability-vulnerability warning-the black bar safety net

2012-07-19T00:00:00
ID MYHACK58:62201234363
Type myhack58
Reporter 佚名
Modified 2012-07-19T00:00:00

Description

Version:network fun online shopping system flagship version(free version)

Download:http://www. cnhww. com/down. asp? id=6

----------------------------------------------------------------------

First place:

/research. asp

For selectname without any filtering, resulting in a search-type injection

code:

7-1 2 line

dim action,searchkey,anclassid,jiage,selectnameanclassid=request("anclassid")searchkey=request("searchkey")jiage=request("jiage")action=request("action")selectname=request("selectname")

[1] [2] [3] [4] [5] [6] [7] next