Oblog 4.5-4.6 access&mssql getshell 0day-vulnerability warning-the black bar safety net

Impact range: 4.5 - 4.6 Vulnerability requirements: IIS6. 0\Open Membership Mining author:henry Absolute originality, technical content is not high,but the impact of the relatively wide range of.. Vulnerability file: AjaxServer. asp 3 of 7 2 rows logfilename = TrimRequest"filename"//not filter...

Oblog多用户博客程序strMonth变量过滤不严导致SQL注入漏洞

文件In/ClassUserCommand.asp : 1. strMonth=Request"month" //第63行 2. 3. strDay=Request"day" 4. 5. …… 6. 7. Case "month" //第84行 8. 9. Dim LastDay 10. 11. GPFileName = GPFileName & "month&month=" & strMonth 12. 13. strDay=LeftstrMonth,4 & "-" & RightstrMonth,2 & "-01" 14. 15. mYear=LeftstrMonth,4 16. 1...

Oblog latest injection vulnerabilities analysis(already patched)-vulnerability warning-the black bar safety net

Date: 2008-5-15 Author: YamatoBCT Version: for Oblog 4.5-4.6 sql Code analysis: File In/ClassUserCommand. asp : strMonth=Request"month" //6th line 3 strDay=Request"day" ...... Case "month" //the first 8 line 4 Dim LastDay GPFileName = GPFileName & "month&month=" & strMonth strDay=LeftstrMonth,4 &...

Important: pcre security update

4.5-4.6 - Add pcre-4.5-CVE-2007-1659.patch - Update pcre-4.5-CVE-2007-1660.patch - Add pcre-4.5-CVE-2007-7230.patch - Resolves: 380511...