151 matches found
SiteServer 3.6.4 /SiteServer/cms/console_user.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/bbs/background_post.aspx SQL注入漏洞
SiteServer 3.6.4 /siteserver/bbs/backgroundpost.aspx文件Tile参数没有合适过滤,导致SQL注入漏洞。 SiteServer 3.6.4...
SiteServer 3.6.4 安全模式绕过漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/cms/modal_contentGroupAdd.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/cms/modal_contentTagAdd.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /ask/search.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/UserRole/background_userAdd.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/cms/background_channelsGroup.aspx SQL注入漏洞
No description provided by source...
siteserver latest version 3. 6. 4 sql inject-vulnerability warning-the black bar safety net
http://xxx.com/siteserver/service/backgroundtaskLog.aspx?Keyword=test%' and @@version=1 and 2='1&DateFrom=&DateTo=&IsSuccess=All The injection point is present in the Keyword, completely without any filtering. VariousSQL injectiontype, you can execute os cmd, off pants 2. The second injection...
SiteServer 3.6.4 background_log.aspx SQL注入漏洞
SiteServer 3.6.4 /siteserver/platform/backgroundlog.aspx文件使用了位于/Bin/BaiRong.BackgroundPages.dll代码,在接收DateFrom参数没有合适过滤,导致SQL注入漏洞。 0 SiteServer 3.6.4 升级到官方最新版: http://www.siteserver.cn...
siteserver latest version 3. 6. 4 background_log. aspx page sql injection vulnerability-vulnerability warning-the black bar safety net
There siteserver/platform/backgroundlog. aspx 用 .NET Reflector decompile BaiRong. BackgroundPages. dll this file View Code is as follows: this. spContents. ConnectionString = BaiRongDataProvider. ConnectionString; flag = base. Request. QueryString"UserName" != null; if ! flag this. spContents...
SiteServer 3.6.4 background_taskLog.aspx SQL注入漏洞
SiteServer 3.6.4 /siteserver/service/backgroundtaskLog.aspx文件使用了位于/Bin/BaiRong.BackgroundPages.dll代码,在接收keyword参数没有合适过滤,导致SQL注入漏洞。 0 SiteServer 3.6.4 升级到官方最新版: http://www.siteserver.cn...
SiteServer 3.6.4 background_dbSqlQuery.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 background_mailSubscribe.aspx SQL注入漏洞
注入存在/siteserver/cms/backgroundmailSubscribe.aspx 用.NET Reflector 反编译SiteServer.CMS.dll这个文件 查看代码如下: if uint isPostBack - uint isPostBack = 0 && isPostBack this.spContents.SelectCommand = DataProvider.MailSubscribeDAO.GetSelectCommendbase.PublishmentSystemID, base.Request.QueryString"Keyword",...
SiteServer 3.6.4 background_thread.aspx SQL注入漏洞
SiteServer 3.6.4 /siteserver/bbs/backgroundthread.aspx 文件Title参数没有合适过滤,导致SQL注入漏洞。 0 SiteServer 3.6.4 升级到官方最新版: http://www.siteserver.cn...
SiteServer 3.6.4 background_contentsGroup.aspx SQL注入漏洞
SiteServer 3.6.4 /siteserver/cms/backgroundcontentsGroup.aspx文件使用了位于/Bin/SiteServer.CMS.dll代码,在接收GroupName参数没有合适过滤,导致SQL注入漏洞。 0 SiteServer 3.6.4 升级到官方最新版: http://www.siteserver.cn...
SiteServer 3.6.4 /siteserver/cms/background_contentsGroup.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/platform/background_dbSqlQuery.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/cms/background_mailSubscribe.aspx SQL注入漏洞
No description provided by source...
SiteServer 3.6.4 /siteserver/userRole/background_administrator.aspx SQL注入漏洞
No description provided by source...