ZYCHCMS 4.2 add-js.asp SQL注入

No description provided by source...

Anti-injection code is not anti-injection-vulnerability warning-the black bar safety net

Here we use the old y system to illustrate the problem. The vulnerability appears in the js. the asp file. If CheckStrRequest"ClassNo" "" then ClassNo = splitCheckStrRequest"ClassNo","|" 'Here is to get the variable using checkstr filter, but the feeling didn't play a role. Then divided into an...