VULHUB ™

漏洞出现在show.asp 358行开始 ``` dim pkid,model,productname,smallpicpath,price1,price2,pipai pkid=request("pkid") sql="select * from view_product where pkid = "&pkid set rs=server.createobject("adodb.recordset") rs.open sql,conn,1,1 if rs.bof or rs.eof then ``` pkid直接通过request获取 并拼接到sql语句中 没有任何过滤 poc: http://www.gzsewing.com/show.asp?pkid=1'

漏洞出现在show.asp 358行开始 ``` dim pkid,model,productname,smallpicpath,price1,price2,pipai pkid=request("pkid") sql="select * from view_product where pkid = "&pkid set rs=server.createobject("adodb.recordset") rs.open sql,conn,1,1 if rs.bof or rs.eof then ``` pkid直接通过request获取 并拼接到sql语句中 没有任何过滤 poc: http://www.gzsewing.com/show.asp?pkid=1'