W78CMS v2. 7. 6 search type injection problems and repair solutions-vulnerability warning-the black bar safety net

Brief description: W78CMS enterprise website management system v2. 7. 6 UTF-8 the presence of search-type injection problems Detailed description: File so. asp 2 2 row % t=request. QueryString"t" key=request. QueryString"key" if t="" then Response. Write"scriptalert'please select to search the...

W78cms website management system 0day-vulnerability warning-the black bar safety net

The vulnerability is simple, appear in the editor above, the prawns should all know: Keywords: inurl:ShopMore. asp? id Visit this address http://hackqing.com/nbwebshell/admin/Editor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Hack. the asp Visit this address can build a Hack. ASP...

W78CMS enterprise website management system v2. 6. 1 injection-vulnerability warning-the black bar safety net

Author: Lan3a Keywords: inurl:ShowDownload. asp? id= In the admin directory, addjs. the asp file. Not to do any treatment directly query the database. !-- include file="../conn. asp" - % set js = server. CreateObject"ADODB. RecordSet" sql="select from ad where id="& request. QueryString"id" set j...