Max CMS latest cookie injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability file: admin/admininc. asp The code is as follows: Sub checkPower //first 1 0 3 row dim loginValidate,rsObj : loginValidate = "maxcms2. 0" err. clear on error resume next set rsObj=conn. db"select mrandom,mlevel from premanager where musername="" rCookie"musername"&""","execute"...

Max CMS2. 0beta (maxcms)SQL injection and administrator authentication bypass vulnerability-vulnerability warning-the black bar safety net

This system was internally very popular video-on-demand system, before 1. 5 version vulnerability very much, the 2.0 version in terms of security has improved, but still there are loopholes exist. Look at the code \inc\ajax. asp dim action : action = getForm"action", "get" response. Charset="gbk"...