Destoon Sql注入漏洞一枚（有条件）

简要描述： 过滤不严。 详细说明： 下的最新版了 在destoon\api\pay\chinabank\notify.php中 $POST = $DPOST; if!$POST exit'error'; $bank = 'chinabank'; $PAY = cacheread'pay.php'; if!$PAY$bank'enable' exit'error'; //这里 必须要启用了这个支付方式才行 if!$PAY$bank'keycode' exit'error'; $key = $PAY$bank'keycode'; $void =trim$POST'void'; $vpmode...

KesionCMS V9. 0 3 Final SQL injection vulnerability attached to the use of the method-vulnerability warning-the black bar safety net

The vulnerability exists in the User/ChinaBankAutoReceive. asp % ' 'Software name:Kesion CMS 9.0 'Email: [email protected] . QQ:111394,9537636 The ' Web: http://www.kesion.com http://www.kesion.cn 'Copyright C Kesion Network All Rights Reserved. ' Response. Buffer = true Response. Expires = 1...