KesionCMS V9. 0 3 Final SQL injection vulnerability attached to the use of the method-vulnerability warning-the black bar safety net

2013-05-07T00:00:00
ID MYHACK58:62201338648
Type myhack58
Reporter 佚名
Modified 2013-05-07T00:00:00

Description

The vulnerability exists in the User/ChinaBankAutoReceive. asp

<%@LANGUAGE="VBSCRIPT" CODEPAGE="9 3 6"%>

<%option explicit%>

<!--# include file="../Conn. asp"-->

<!--# include file="../Plus/md5. asp"-->

<!--# include file="../KS_Cls/Kesion. MemberCls. asp"-->

<!--# include file="payfunction. asp"-->

<%

'**********

'Software name:Kesion CMS 9.0

'Email: service@kesion.com . QQ:111394,9537636

The ' Web: http://www.kesion.com http://www.kesion.cn

'Copyright (C) Kesion Network All Rights Reserved.

'**********

Response. Buffer = true

Response. Expires = 1

Response. CacheControl = "no-cache"

Dim Error:Set Error=New UserCls

Dim KS:Set KS=New PublicCls

Dim PaymentPlat:PaymentPlat=1

Dim RSP:Set RSP=Server. CreateObject("ADODB. RECORDSET")

RSP. Open "Select top 1 * From KS_PaymentPlat where id=" & PaymentPlat,conn,1,1

If RSP. Eof Then

RSP. Close:Set RSP=Nothing

Response. Write "Error!"

Response. End()

End If

Dim AccountID:AccountID=RSP("AccountID")

Dim MD5Key:MD5Key=RSP("MD5Key")

Dim PayOnlineRate:PayOnlineRate=KS. ChkClng(RSP("Rate"))

Dim RateByUser:RateByUser=KS. ChkClng(RSP("RateByUser"))

RSP. Close:Set RSP=Nothing

Call ChinaBank()

'Online banking online return

Sub ChinaBank()

Dim v_oid,v_pmode,v_pstatus,v_pstring,v_string,v_amount,v_moneytype,remark2,v_md5str,text,md5text,zhuangtai

'Obtain the return parameter value

v_oid=request("v_oid") ' merchant sent v_oid order number

v_pmode=request("v_pmode") ' the payment methods of a string

v_pstatus=request("v_pstatus") ' payment status 2 0 for pay for success;3 0, the payment failed

v_pstring=request("v_pstring") ' the result of payment information the payment is complete when v_pstatus=2 0; the reason for the failure when v_pstatus=3 0; and

v_amount=request("v_amount") ' order actual amount paid

v_moneytype=request("v_moneytype") ' the order of the actual payment currency

remark2=request("remark2") ' Memo field 2

v_md5str=request("v_md5str") ' Internet banking online to piece together the Md5 checksum string

if request("v_md5str")="" then

response. Write("v_md5str: empty value")

response. end

end if

text = v_oid&v_pstatus&v_amount&v_moneytype&MD5Key 'md5 checksum

md5text = the Ucase(trim(md5(text,3 2))) 'merchants to piece together the Md5 checksum string

if md5text<>v_md5str then ' online banking online piece together the Md5 checksum string with the merchant piece together the Md5 checksum string for comparison

response. write("error") 'tell the server verification fails, the retransmission request

response. end 'the interrupt routine

else

response. write("ok")

if v_pstatus=2 0 then 'successful payment

Call UpdateOrder(v_amount,remark2,v_oid,v_pmode)

Conn. Execute("Update KS_LogMoney Set PaymentID=1 Where OrderID='" & v_oid & "'")

else

response. write("error") 'tell the server verification fails, the retransmission request

response. end 'the interrupt routine

end if

end if

end Sub

%>

[1] [2] [3] next