The indexlabel.asp and labelsave.asp pages of the BBSGood Forum program have an SQL injection vulnerability.
In the file indexlabel.asp, at line 115:

    SQL = "select top 1 Admin, UserName, Password from bbsgood_Admin where UserName = '" & Request.cookies(bbsinfo & "adminuser") & "'"
    Set rs = Server.CreateObject("ADODB.RecordSet")

The program does not verify whether the user is logged in. As a result, the cookie value is not filtered and an injection vulnerability is generated.

In the file labelsave.asp, at line 115:

    SQL = "select top 1 Admin, UserName, Password from BBSGood_Admin where UserName = '" & Request.cookies(bbsinfo & "adminuser") & "'"

The program does not verify whether the user is logged in. As a result, the cookie value is not filtered and an injection vulnerability is generated.
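
A hardened form of the line-115 lookup used in both indexlabel.asp and labelsave.asp, given as an added example that is not BBSGood's own code. It assumes an already-open ADODB.Connection named conn and a 64-character limit on UserName; both are hypothetical and not taken from the page.

```vbscript
' Added example: parameterized replacement for the concatenated query.
' Assumptions (not from the page): "conn" is an open ADODB.Connection,
' and MAX_USERNAME_LEN is an illustrative column width.
Const adCmdText = 1          ' CommandTypeEnum: plain SQL text
Const adVarWChar = 202       ' DataTypeEnum: Unicode string
Const adParamInput = 1       ' ParameterDirectionEnum: input parameter
Const MAX_USERNAME_LEN = 64

Dim adminUser, cmd, rs
adminUser = Request.Cookies(bbsinfo & "adminuser")

' Reject a missing or oversized cookie before touching the database.
If Len(adminUser) = 0 Or Len(adminUser) > MAX_USERNAME_LEN Then
    Response.Status = "403 Forbidden"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText

' The ? placeholder keeps the cookie value out of the SQL text, so quote
' characters in the cookie are compared as data instead of parsed as SQL.
cmd.CommandText = "select top 1 Admin, UserName, Password " & _
                  "from bbsgood_Admin where UserName = ?"
cmd.Parameters.Append cmd.CreateParameter("@UserName", adVarWChar, _
                                          adParamInput, MAX_USERNAME_LEN, adminUser)

Set rs = cmd.Execute
If rs.EOF Then
    ' No matching administrator row: treat the request as unauthenticated.
    rs.Close
    Response.Status = "403 Forbidden"
    Response.End
End If
```

Binding the parameter removes the injection, but the cookie is still client-controlled. The missing login check described above needs a server-side session check before this lookup runs.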