Cms # SQL Injection # stored xss
CMS vendor:
Jiangsu Xinyue Technology Co., http://www.jsxyidc.com/
Then download it back for local Testing
An online registration is found:
http://localhost:58031/online.asp
In:
Name-Date of birth-willingness to learn course-xss exists in the mailing address
You can play the background blindly...
There is also a message:
There is also SQL Injection --...
File news. asp common. asp showpxxm. asp showgkk. asp showpxxm. asp showteam. asp showdownload. asp showxyzp. asp cannot bear to look directly at all SQL Injection
Example link:
http://localhost:58031/common.asp?id=1http://localhost:58031/news.asp?id=3http://localhost:58031/shownews.asp?id=66 http://localhost:58031/showkbxx.asp?id=32 http://localhost:58031/showgkk.asp?id=4 http://localhost:58031/showpxxm.asp?id=24http://localhost:58031/showteam.asp?id=35http://localhost:58031/showdownload.asp?id=19 http://localhost:58031/showxyzp.asp?id=35
Solution:
Various fixes