Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the USERNAME field in admin.asp); and (5) the PassWord parameter to admin_login.asp (aka the PASSWORD field in admin.asp). NOTE: some of these details are obtained from third party information.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Icash Click&Rank 多个SQL注入漏洞
Vulnerability Description
Click&Rank中存在多个SQL注入漏洞。远程攻击者可以借助对(1)hitcounter.asp,(2)user_delete.asp和(3)user_update.asp的id参数;(4)对admin_login.asp的用户id参数(又称admin.asp中的用户名字段)以及(5)对admin_login.asp的密码参数 (又称admin.asp中的密码字段),执行任意的SQL指令。
CVSS Information
N/A
Vulnerability Type
N/A