NewAsp Website Management System (新云网站管理系统) is an efficient website solution written in ASP that generates static pages and supports MSSQL and several other databases.

First, look at the GetUserTodayInfo procedure in const.asp.

QUOTE:
Lastlogin = Request.Cookies("newasp_net")("LastTime")
UserDayInfo = Request.Cookies("newasp_net")("UserToday")
If DateDiff("d",LastLogin,Now())<>0 Then
    ………………
    UserDayInfo = "0,0,0,0,0,0"
    Response.Cookies("newasp_net")("UserToday") = UserDayInfo
end if
UserToday = Split(UserDayInfo, ",")
If Ubound(UserToday) <> 5 Then
    ………………
    UserDayInfo = "0,0,0,0,0,0"
    Response.Cookies("newasp_net")("UserToday") = UserDayInfo
end if

Then comes:

QUOTE:
Public Function updateUserToday(ByVal str)
    On Error Resume Next
    If Trim(str) <> "" Then
        Newasp.Execute("update [NC_User] SET UserToday='" & str & "' where username='"& Newasp.membername &"' And userid=" & Newasp.memberid)
        Response.Cookies("newasp_net")("UserToday") = str
    End If
End Function

As everyone can see, the str argument of updateUserToday(ByVal str) is written into the database without any filtering: the cookie value only has to contain six comma-separated parts to pass the Ubound check, and its contents are never inspected.

Then articlepost.asp, message.asp, softpost.asp, upfile.asp and upload.asp call the GetUserTodayInfo and updateUserToday procedures directly without any validation, which results in SQL injection.

Newasp ContentManageSystem Version 3.0.0.518: filter UserDayInfo.
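As an added example (not code from the NewAsp project), the following ASP/VBScript is a hardened replacement for the UserToday handling above: the cookie value is reduced to six non-negative integers, rebuilt from those integers, and the UPDATE is issued with bound parameters instead of string concatenation. The connection object Newasp.Conn and the varchar type of NC_User.UserToday are assumptions.

```vbscript
' Added example, not NewAsp project code. Assumes Newasp.Conn is an open
' ADODB.Connection and NC_User.UserToday is a varchar column (both assumed).
Const adCmdText = 1, adParamInput = 1, adInteger = 3, adVarChar = 200

' True only when s is one or more ASCII digits (IsNumeric would also accept
' signs, spaces and exponents such as "1e3", so it is not used here).
Function IsDigitsOnly(ByVal s)
    Dim j, c
    IsDigitsOnly = False
    If Len(s) = 0 Then Exit Function
    For j = 1 To Len(s)
        c = Mid(s, j, 1)
        If c < "0" Or c > "9" Then Exit Function
    Next
    IsDigitsOnly = True
End Function

' Return a canonical "n,n,n,n,n,n" string, or the safe default when the
' input is not exactly six digit-only fields. Nothing from the original
' cookie text is reused; the result is rebuilt from validated numbers.
Function CleanUserToday(ByVal str)
    Dim parts, i, result
    CleanUserToday = "0,0,0,0,0,0"
    parts = Split(Trim(str & ""), ",")
    If UBound(parts) <> 5 Then Exit Function
    result = ""
    For i = 0 To 5
        ' 9 digits max keeps CLng well inside its 32-bit range.
        If Len(parts(i)) > 9 Or Not IsDigitsOnly(parts(i)) Then Exit Function
        result = result & CLng(parts(i))
        If i < 5 Then result = result & ","
    Next
    CleanUserToday = result
End Function

' Same UPDATE as the original, but every value travels as a bound parameter,
' so cookie text can never alter the SQL statement itself.
Public Function updateUserToday(ByVal str)
    Dim cmd, clean
    clean = CleanUserToday(str)
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = Newasp.Conn   ' assumed connection object
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE [NC_User] SET UserToday = ? WHERE username = ? AND userid = ?"
    cmd.Parameters.Append cmd.CreateParameter("today", adVarChar, adParamInput, 50, clean)
    cmd.Parameters.Append cmd.CreateParameter("uname", adVarChar, adParamInput, 50, Newasp.membername)
    cmd.Parameters.Append cmd.CreateParameter("uid", adInteger, adParamInput, 4, CLng(Newasp.memberid))
    cmd.Execute
    Response.Cookies("newasp_net")("UserToday") = clean
End Function
```

GetUserTodayInfo should pass the cookie through CleanUserToday as well, so that the value read back by the callers listed above is already canonical before it reaches any query.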