<!--#include file="xp.asp"--> <% dim adminid,action action=request.QueryString("action") adminid=request.QueryString("id") if adminid="" then adminid=request("adminid") select case action case "save" set rs=server.CreateObject("adodb.recordset") rs.Open "select * from [shopxp_admin] where adminid="&adminid,conn,1,3 ……………………………… rs.Update rs.Close set rs=nothing response.Write "<script language=javascript>alert('操作成功!');history.go(-1);</script>" case "del" conn.execute "delete from [shopxp_admin] where adminid in ("&adminid&") " 'response.Redirect "manageuser.asp" response.Redirect request.servervariables("http_referer") end select %> 调用的xp.asp: <!--#include file="database_name.asp" --> <% dim conn,connstr,db startime=timer() db="../shopxp/"&dataname&"" '数据库 on...
<!--#include file="xp.asp"--> <% dim adminid,action action=request.QueryString("action") adminid=request.QueryString("id") if adminid="" then adminid=request("adminid") select case action case "save" set rs=server.CreateObject("adodb.recordset") rs.Open "select * from [shopxp_admin] where adminid="&adminid,conn,1,3 ……………………………… rs.Update rs.Close set rs=nothing response.Write "<script language=javascript>alert('操作成功!');history.go(-1);</script>" case "del" conn.execute "delete from [shopxp_admin] where adminid in ("&adminid&") " 'response.Redirect "manageuser.asp" response.Redirect request.servervariables("http_referer") end select %> 调用的xp.asp: <!--#include file="database_name.asp" --> <% dim conn,connstr,db startime=timer() db="../shopxp/"&dataname&"" '数据库 on error resume next '尝试连数据库,一直到超时,但可以加强SQL注入过滤 connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db) 'connstr="DBQ="+server.mappath(""&db&"")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};" set conn=server.createobject("ADODB.CONNECTION") conn.open connstr %> 嘿嘿,也是未做过滤和验证的,那么就产生了个直接添加管理员的漏洞。 shopxp html版2.0/1.0 官方暂无相关补丁 请关注官方更新http://www.010net.cn/
