19 matches found
XSS Vulnerability in FoosunCMS
FoosunCMS is content management software built on an ASP + ACCESS/MSSQL architecture: a domestic, open-source, modular CMS site-building system that integrates Web 2.0 elements. FoosunCMS has a stored cross-site scripting vulnerability. Attackers can insert malicious j...
FoosunCMS SQL Injection Vulnerability
FoosunCMS is content management software based on an ASP+ACCESS/MSSQL architecture. FoosunCMS versions 1.0 to 2.0 have a SQL injection vulnerability because the system does not filter the CityId parameter, allowing attackers to exploit the vulnerability to obtain sensitive information in the database...
Foosun CMS v4.0 /user/SetNextOptions.asp ReqSql parameter SQL injection vulnerability
No description provided by source...
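Foosun cms .NET version City_ajax.aspx id parameter SQL injection vulnerability
0x01 Vulnerability overview: The .NET version of Foosun cms does not strictly filter the Cityid parameter in /user/Cityajax.aspx, resulting in a SQL injection vulnerability. A remote attacker can exploit this vulnerability to execute SQL statements and obtain sensitive information. 0x02 Vulnerability details: SQL injection vulnerability: /user/Cityajax.aspx?Cityid=1 http://.../user/Cityajax.aspx?Cityid=1 Data and users 0x03 Remediation: Filter the input, or use parameterized SQL statements....
Fengxun (foosun) CMS .NET version: SQL injection vulnerability in the Cityid parameter of the /user/City_ajax.aspx file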
No description provided by source...
Fengxun (FooSun): SQL injection vulnerability in the stat.aspx page
No description provided by source...
FooSun Api_Response.ASP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/26552/info FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the...
Foosun 4.0 user/setnextoption.asp SQL injection vulnerability
No description provided by source...
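Fengxun (FooSun) SetNextOptions.asp injection vulnerability
The Fengxun website content management system is a web application with which modern enterprises building their own portal information sites move from simple display to multi-type information interaction; its free, open-source design philosophy lets you build a web platform in any style. The registration file of Fengxun (foosun) contains a vulnerability that allows the administrator account and password to be read. Vulnerable file: /user/SetNextOptions.asp FooSun 5.0 None yet; awaiting an official patch http://www.foosun.net/ Administrator account:...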
foosun 0day: latest injection vulnerability - vulnerability warning - the black bar safety net
The registration file of Fengxun (foosun) contains a vulnerability. Attackers can dump the administrator account and password. Vulnerable file: www.xxx.com/user/SetNextOptions.asp Simple method of use: Dump administrator account:...
foosun: latest SQL injection vulnerability dumps the administrator account and password - vulnerability warning - the black bar safety net
foosun: latest SQL injection vulnerability dumps the administrator account and password. The registration file of Fengxun (foosun) contains a vulnerability. Attackers can dump the administrator account and password. Vulnerable file: http://www.xxxx.com/user/SetNextOptions.asp Using a simple...
Fengxun (FooSun): authorization bypass vulnerability in the favorite.asp page (2)
In the file \User\ favorite.asp: Elseif Request"Action"="sort" Then // line 21 if Request"id"="" Or Request"classID"="" then strShowErr = "li错误的参数!/li" Response.Redirect"lib/error.asp?ErrCodes="&Server.URLEncodestrShowErr&"&ErrorUrl=" Response.end Else UserConn.execute"Update FSMEFavorite set...
Fengxun (FooSun): authorization bypass vulnerability in the Corp_card_Unpass.asp page
In the file \User\ CorpcardUnpass.asp: If Request.Form"Action" = "Save" then // line 14 Dim DelID,StrTmp,StrTmp1 DelID = request.Form"CorpCardID" if DelID = "" then strShowErr = "li你必须选择一项再删除/li" Call ReturnErrorstrShowErr,"" End if UserConn.execute"Delete From FSMECorpCard where CorpCardID in...
Fengxun (FooSun): SQL injection vulnerability in the awardAction.asp page
In the file \User\award\awardAction.asp: Integral=NoSqlHackrequest.QueryString"Integral" // line 14 if action="join" then UserConn.execute"Insert into FSMEUserPrize prizeid,usernumber,awardID values"&CintStrprizeID&",'"&session"FSUserNumber"&"',"&CintStrawardID&"" 'Get the current number of participants--------------------------------...
Fengxun (FooSun): authorization bypass vulnerability in the favorite.asp page
FoosunCMS is powerful content management software based on the ASP+ACCESS/MSSQL architecture. In the file \User\ favorite.asp: if request"Action"="del" then // line 10 if Request"id"="" then strShowErr = "li错误的参数!/li" Response.Redirect"lib/error.asp?ErrCodes="&Server.URLEncodestrShowErr&"&ErrorUrl=" Response.end else UserConn.execute"Delete from...
FooSun - Api_Response.asp SQL Injection
FooSun - ApiResponse.asp SQL Injection source: https://www.securityfocus.com/bid/26552/info FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...
FooSun - 'Api_Response.asp' SQL Injection
source: https://www.securityfocus.com/bid/26552/info FooSun is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, ...
foosun create new admin exp
No description provided by source. !DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" HTMLHEADTITLEfoosun create new admin exp Codz By flyh4t/TITLE META http-equiv=Content-Type content="text/html; charset=gb2312" META content="MSHTML 6.00.2800.1479" name=GENERATOR/HEAD...
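foosun cms4sp5 commercial edition has a serious injection vulnerability
The anti-injection function NoSqlHack in Fengxun 4 has a fatal flaw that lets an intruder easily obtain a webshell. Function.asp Function NoSqlHackFSinputStr Flaw in the anti-injection function Fengxun 4 Official upgrade The following code can create a super administrator with the username oldjun and the password 12345678...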