Shopv8 mall system v10.48 Vulnerability
Author: Lan3a
Affected Versions: Shopv8 mall system v10.48
Vulnerability description: SQL injection exists on the pinglun.asp page
Background: pinglun.asp.
The code is as follows:
<% Dim bookId, action
' id is submitted directly: it is read from the query string and used unchanged
pinglunid = Request.QueryString("id")
action = Request.QueryString("action")
If action = "save" Then
    Set rs = Server.CreateObject("adodb.recordset")
    ' pinglunid is concatenated into the SQL text, which is the injection point
    rs.Open "select * from shop_pinglun where pinglunid=" & pinglunid, conn, 1, 3
    ' Store the reply text and the reply time on the selected comment row
    rs("huifu") = HTMLEncode2(Trim(Request("huifu")))
    rs("huifuDate") = Now()
    rs.Update
    rs.Close
    Set rs = Nothing
Response.Write"
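
Added example (not part of the original advisory and not Shopv8's own code): a hardened form of the "save" branch above, which rejects a non-numeric id and binds all values through ADODB.Command parameters instead of concatenating them. It replaces the recordset select-then-update with a single UPDATE statement; conn and HTMLEncode2 are assumed to be the application's existing connection and helper, and the column types and the 4000-character size for huifu are assumptions.

```vbscript
<%
' Added example: hardened rewrite of the "save" branch in pinglun.asp.
' Assumptions: conn is the already-open ADODB.Connection used by the page,
' HTMLEncode2 is the application's own helper, and huifu is a text column
' that fits in 4000 characters (use adLongVarWChar = 203 for a memo column).
Const adInteger = 3
Const adDate = 7
Const adVarWChar = 202
Const adParamInput = 1
Const adCmdText = 1
Const adExecuteNoRecords = 128

' True only for a plain decimal string of 1 to 9 digits (always fits in a Long)
Function IsPositiveInt(s)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPositiveInt = re.Test(s)
End Function

Dim rawId, action, cmd
rawId = Trim(Request.QueryString("id") & "")
action = Request.QueryString("action")

If action = "save" Then
    ' Reject anything that is not a bare integer before touching the database
    If Not IsPositiveInt(rawId) Then
        Response.Status = "400 Bad Request"
        Response.End
    End If

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' Placeholders keep user input out of the SQL text entirely
    cmd.CommandText = "UPDATE shop_pinglun SET huifu = ?, huifuDate = ? WHERE pinglunid = ?"
    cmd.Parameters.Append cmd.CreateParameter("@huifu", adVarWChar, adParamInput, 4000, _
        HTMLEncode2(Trim(Request("huifu"))))
    cmd.Parameters.Append cmd.CreateParameter("@huifuDate", adDate, adParamInput, , Now())
    cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))
    cmd.Execute , , adExecuteNoRecords
    Set cmd = Nothing
End If
%>
```

Parameters are bound in the order they are appended, so the Append calls must follow the order of the ? placeholders in the statement.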