在文件Members.asp中:
SearchType=HTMLEncode(Request("SearchType")) //第38行
SearchText=HTMLEncode(Request("SearchText"))
SearchRole=HTMLEncode(Request("SearchRole"))
CurrentAccountStatus=HTMLEncode(Request("CurrentAccountStatus"))
JoinedDateComparer=Left(Request("JoinedDateComparer"),1)
LastPostDateComparer=Left(Request("LastPostDateComparer"),1)
JoinedDate_picker=HTMLEncode(Request("JoinedDate_picker"))
LastPostDate_picker=HTMLEncode(Request("LastPostDate_picker"))
if SearchType="all" then SearchType="UserEmail like '%"&SearchText&"%' or UserName"
if SearchText<>"" then item=item&" and ("&SearchType&" like '%"&SearchText&"%')"
if JoinedDate_picker<>"" and JoinedDateComparer<>"" then item=item&" and DateDiff("&SqlChar&"d"&SqlChar&",'"&JoinedDate_picker&"',UserRegisterTime) "&JoinedDateComparer&" 0"
if LastPostDate_picker<>"" and LastPostDateComparer<>"" then item=item&" and DateDiff("&SqlChar&"d"&SqlChar&",'"&LastPostDate_picker&"',UserActivityTime) "&LastPostDateComparer&" 0"
if SearchRole <> "" then item=item&" and UserRoleID="&SearchRole&""
if CurrentAccountStatus <> "" then item=item&" and UserAccountStatus="&CurrentAccountStatus&""
多个数字变量使用过滤字符的函数过滤导致注入漏洞的产生。
WoDig 4.1.2
厂商补丁
WoDig
------------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href="http://www.wodig.com/" target="_blank" rel=external nofollow>http://www.wodig.com/</a>
京公网安备 11010502034610号
暂无评论