んㄗ葑訫鎖愛
一:
dim keyword
dim sort_id
keyword=request(“keyword”)
sort_id=request(“sort_id”)
if sort_id<>”” then sqlwhere=sqlwhere &” and sort_id=”&sort_id&””
if keyword<>”” then sqlwhere=sqlwher &” and shop_name like %”&keyword&”%”
Set rs=Server.CreateObject(“ADODB.RecordSet”)
strsql=”select * from Product where shop_id<>0 “&sqlwhere&” order by dateandtime desc”
sort_id变量直接获取,未指明获取方式,导致Cookies注入。
二:
<% sql=”select * from product where shop_id=”&request(“shop_id”)
res.open sql,con,1,3
res(“click”)=res(“click”)+1
Google:inurl:inurl:List.asp?Shop_ID
用注入中转
んㄗ葑訫鎖愛
一:
dim keyword
dim sort_id
keyword=request(“keyword”)
sort_id=request(“sort_id”)
if sort_id<>”” then sqlwhere=sqlwhere &” and sort_id=”&sort_id&””
if keyword<>”” then sqlwhere=sqlwher &” and shop_name like %”&keyword&”%”
Set rs=Server.CreateObject(“ADODB.RecordSet”)
strsql=”select * from Product where shop_id<>0 “&sqlwhere&” order by dateandtime desc”
sort_id变量直接获取,未指明获取方式,导致Cookies注入。
二:
<% sql=”select * from product where shop_id=”&request(“shop_id”)
res.open sql,con,1,3
res(“click”)=res(“click”)+1
Google:inurl:inurl:List.asp?Shop_ID
用注入中转
https://www.dengb.com/qyaq/471701.htmlwww.dengb.comtruehttps://www.dengb.com/qyaq/471701.htmlTechArticleんㄗ葑訫鎖愛 一: dim keyword dim sort_id keyword=request(“keyword”) sort_id=request(“sort_id”) if sort_id”” then sqlwhere=sqlwhere ” and sort_id=”sort_id”” if keyword”” th…
—-想了解更多的企业安全相关处理怎么解决关注<计算机技术网(www.ctvol.com)!!>
本文来自网络收集,不代表计算机技术网立场,如涉及侵权请联系管理员删除。
ctvol管理联系方式QQ:251552304
本文章地址:https://www.ctvol.com/webstt/esecurity/100910.html
