FoosunCms ASP version getshell - Vulnerability warning - the black bar safety net

2013-12-27T00:00:00
ID MYHACK58:62201341588
Type myhack58
Reporter Anonymous
Modified 2013-12-27T00:00:00

Description

In the file \User\award\awardAction.asp:

```asp
' Integral comes straight from the query string; NoSqlHack is its only filter
Integral=NoSqlHack(request.QueryString("Integral"))

if action="join" then

User_Conn.execute("Insert into FS_ME_User_Prize (prizeid,usernumber,awardID) values("& CintStr(prizeID)&",'"&session("FS_UserNumber")&"',"& CintStr(awardID)&")")

'Get the current number of participants--------------------------------

' Integral is concatenated, unquoted, into the UPDATE statement text
User_Conn.execute("Update FS_ME_Users set Integral=(Integral-"&Integral&") where usernumber='"&session("FS_UserNumber")&"'")
```
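A hardened form of the two statements above, as an added example that is not FoosunCms code or part of the original advisory: the request value is accepted only as a plain integer and every value is bound as a typed ADO parameter instead of being concatenated into the SQL text. `ParseNonNegInt` and `ExecParams` are hypothetical helpers, and the `varchar` length of 50 for `usernumber` is an assumption; `User_Conn`, `action`, `prizeID` and `awardID` are taken to be the variables of the original file.

```asp
<%
' Added example (not from the original file). Assumes User_Conn is the open
' ADODB.Connection and action/prizeID/awardID are set as in awardAction.asp.
' Standard ADO constants, declared here in case adovbs.inc is not included.
Const adInteger = 3, adVarChar = 200, adParamInput = 1, adCmdText = 1
Const adExecuteNoRecords = 128

' Hypothetical helper: accept only a plain non-negative integer string.
Function ParseNonNegInt(raw, ByRef value)
    Dim re
    ParseNonNegInt = False
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"   ' digits only, always fits in a Long
    If re.Test(raw & "") Then
        value = CLng(raw)
        ParseNonNegInt = True
    End If
End Function

' Hypothetical helper: run a statement with positional (?) parameters.
' params is an array of Array(adoType, size, value) triples.
Sub ExecParams(conn, sql, params)
    Dim cmd, p
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    For Each p In params
        cmd.Parameters.Append cmd.CreateParameter("", p(0), adParamInput, p(1), p(2))
    Next
    cmd.Execute , , adExecuteNoRecords
End Sub

Dim nIntegral, nPrize, nAward, userNo
userNo = session("FS_UserNumber") & ""
If action = "join" Then
    If ParseNonNegInt(request.QueryString("Integral"), nIntegral) _
       And ParseNonNegInt(prizeID, nPrize) And ParseNonNegInt(awardID, nAward) Then
        ExecParams User_Conn, "Insert into FS_ME_User_Prize (prizeid,usernumber,awardID) values(?,?,?)", _
            Array(Array(adInteger, 4, nPrize), Array(adVarChar, 50, userNo), Array(adInteger, 4, nAward))
        ExecParams User_Conn, "Update FS_ME_Users set Integral=(Integral-?) where usernumber=?", _
            Array(Array(adInteger, 4, nIntegral), Array(adVarChar, 50, userNo))
    Else
        Response.Status = "400 Bad Request"   ' reject anything that is not an integer
    End If
End If
%>
```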
