1. Addpost.asp has a problem
Conn.Execute("insert into [BBSXP_Posts"&PostsTableName&"] (ThreadID,ParentID,PostAuthor,Subject,Body,IPAddress) values ('"&ThreadID&"','"&PostParentID&"','"&CookieUserName&"','"&Subject&"','"&Body&"','"&Request.ServerVariables("REMOTE_ADDR")&"')")
&Request.ServerVariables("REMOTE_ADDR")& is not filtered
2. AddTopic.asp has a problem
Conn.Execute("insert into [BBSXP_Votes] (ThreadID,IsMultiplePoll,Items,Result,Expiry) values ('"&ThreadID&"',"&Request.Form("IsMultiplePoll")&",'"&HTMLEncode(allpollTopic)&"','"&Votenum&"','"&now()+VoteExpiry&"')")
IsMultiplePoll is not filtered
3. In addition, there is a cross-site scripting vulnerability
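
For item 2, where IsMultiplePoll reaches the SQL text without quotes, one hardened form validates the field as an integer and binds every value as an ADO parameter. This is an added example, not BBSXP's own code: RequireInt, the parameter types and the 4000-character sizes are assumptions, while Conn, HTMLEncode and the variables are taken from the statement above.

```vbscript
<%
' Added example, not BBSXP code. Assumes Conn is the open ADODB.Connection and that
' ThreadID, allpollTopic, Votenum and VoteExpiry are set as in AddTopic.asp.
' Column types and sizes are assumptions; match them to the real BBSXP_Votes schema.
Const adCmdText = 1, adParamInput = 1, adExecuteNoRecords = 128
Const adInteger = 3, adDate = 7, adVarWChar = 202

' Hypothetical helper: accept only a whole number in [lo, hi], otherwise end the request.
Function RequireInt(raw, lo, hi)
    Dim re
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If Not re.Test(raw & "") Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
    RequireInt = CLng(raw)
    If RequireInt < lo Or RequireInt > hi Then
        Response.Status = "400 Bad Request"
        Response.End
    End If
End Function

Dim cmd
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = Conn
cmd.CommandType = adCmdText
' Values travel as parameters; no request data is concatenated into the SQL text.
cmd.CommandText = "insert into [BBSXP_Votes] (ThreadID,IsMultiplePoll,Items,Result,Expiry) values (?,?,?,?,?)"
cmd.Parameters.Append cmd.CreateParameter("ThreadID", adInteger, adParamInput, , RequireInt(ThreadID, 1, 999999999))
' The numeric field is range-checked to 0 or 1 before it is bound.
cmd.Parameters.Append cmd.CreateParameter("IsMultiplePoll", adInteger, adParamInput, , RequireInt(Request.Form("IsMultiplePoll"), 0, 1))
cmd.Parameters.Append cmd.CreateParameter("Items", adVarWChar, adParamInput, 4000, HTMLEncode(allpollTopic))
cmd.Parameters.Append cmd.CreateParameter("Result", adVarWChar, adParamInput, 4000, Votenum)
cmd.Parameters.Append cmd.CreateParameter("Expiry", adDate, adParamInput, , Now() + VoteExpiry)
cmd.Execute , , adExecuteNoRecords
Set cmd = Nothing
%>
```

The insert in item 1 can bind its values the same way, but its table name suffix (PostsTableName) cannot be a parameter and has to be checked against a fixed list of allowed names.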