Author: curious
Version: ftbbs v7.1 (static installation version) seems to be the latest
Vulnerability page: usercenter. asp
The vulnerability is caused by loose filtering of blogmid.
Blogmid = Checkstr (request. form ("blogmid "))
If blogmid <> "" then
SQL = "update" & ft & "clubuser set blog_mid =" & blogmid & "where clubuser_id =" & userid
Conn.exe cute SQL
End if
Although the above blogmid is filtered by Checkstr (),
Check the Code in the following Checkstr ().
Function Checkstr (Str)
If Isnull (Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace (Str, Chr (0 ),"")
Str = Replace (Str, "success ,",","‚")
CheckStr = Replace (Str ,"","")
End Function
Only empty chr (0) is filtered out ),
The first one does not know how to explain. Sorry.
I feel like it is not related to our <iframe src = http://www.bkjia.com> </iframe>
However, enter <iframe src = http://www.bkjia.com> </iframe> directly on the home page does not display
It is closed by <script> </script>.
Enter </script> <iframe src = http://www.bkjia.com> </iframe>
Remember the previous picture