Anti-injection code is not anti-injection-vulnerability warning-the black bar safety net

Here we use the old y system to illustrate the problem. The vulnerability appears in the js. the asp file. If CheckStrRequest"ClassNo" "" then ClassNo = splitCheckStrRequest"ClassNo","|" 'Here is to get the variable using checkstr filter, but the feeling didn't play a role. Then divided into an...

Old Y article management system of the injection 0day-vulnerability warning-the black bar safety net

Magic springsB. S. N. hacking Defense Vulnerability rating: moderate Vulnerability description: The vulnerability appears in the js. asp, we first look at the source code. Code: If CheckStrRequest"ClassNo" "" then ClassNo = splitCheckStrRequest"ClassNo","|" 'Here is to get the variable using...

PJBlog博客程序多个文件存在SQL注入漏洞

经代码审核发现blogcomm.asp、class/clswap.asp、member.asp存在SQL注入漏洞。 在member.asp文件 1. UID=trimCheckStrrequest.form"UID" //191行 2. …………………… 3. set checkUser=conn.execute"select top 1 from blogMember where memid="&UID" and memName='"&CheckStrmemName"'" 4. if checkUser.eof then 5. ReInfo0="错误信息" 6...