SQL injection vulnerability in new.asp page of Zhengzhou Octo Networks' website builder system

Zhengzhou Octave Networks is a high-tech company that specializes in providing customers with mobile Internet development, high-end website construction, brand Internet marketing and related Internet-based application services. Zhengzhou Octave Networks' website builder system new.asp page has a...

BBSXP论坛程序New.asp页面过滤不严导致SQL注入漏洞

New.asp 代码分析： Sort=HTMLEncodeRequest"Sort" //第24行 if Sort = empty then SqlSort="ThreadID" else SqlSort=Sort end if 。。。。。。 sql="Select top "&SqlTopicCount&" from "&TablePrefix&"Threads where Visible=1 "&SqlForumID&" "&SqlTimeLimit&" order by "&SqlSort&" desc" //第66行 过滤函数HTMLEncode...