Webshop open-source marketplace has multiple SQL Injection

If you need to perform a vulnerability demonstration, you can search for the vulnerability on the Internet and find that the webshop looks good, so you can download and test it. As a result, there are many vulnerabilities, A variety of vulnerabilities are very convenient demonstration :) Webshop official website http://www.web13800.cn/known as more than 13000 users, 2012 version provides open source version, is focused on small and medium enterprises and individuals of e-commerce platform. The website system (of multiple versions) has multiple SQL injection vulnerabilities.
Download version 5.1: http://www.bkjia.com/ym/201111/30307.html, view the source code, found multiple SQL Injection Vulnerabilities (117) part of the following: such as the root directory show_all.asp 48 to 63 lines

<% Sql3 = "select * from e_contect where c_id =" & request ("c_id") set rs3 = server. createObject ("adodb. recordset ") rs3.open sql3, conn, 1, 1if rs3.bof or rs3.eof thenelseset c_id = rs3 (" c_id ") set c_title = rs3 (" c_title ") set c_contect = rs3 ("c_contect") set c_addtime = rs3 ("c_addtime") %>

 

SQL Injection exists in several files of the system, and multiple SQL Injection exists in the same file. Vulnerability exploitation is related to the database used. The system uses the access database by default.
Solution:

Ask google.