2 matches found
Hotel Management System SQL Injection Vulnerability
Hotel Management System is a MIS project based on a hotel management system. v1.0 of Hotel Management System is vulnerable to SQL injection, which stems from a login page whose username parameter was found to contain SQL injection. An attacker could exploit the vulnerability to perform SQL...
逐浪CMS通用型SQL注入6+7(update型)
简要描述: 好像没修复,友情来提交下。本来已经放弃了的 详细说明: 某功能还是存在两个UPDATE型注入,咱们可以秒改管理员密码。当然了也可以insert管理员的,为了避免一些问题就不用insert来测试了 涉及的两个类: public class MISProjectProQuote : Page, IRequiresSessionState public class MISTargetmailQuote : Page, IRequiresSessionState 漏洞证明: 注入点1: 代码如下 public class MISProjectProQuote : Page,...