睛天电影系统 (movie system) /p_inc/hits_order.asp injection vulnerability

Published: 2025-04-13
Revised: 2025-04-13

The vulnerable file is /p_inc/hits_order.asp:

```asp
<!--#include file="../p_inc/config.asp"-->
<!--#include file="../p_inc/function.asp"-->
<!--#include file="../p_inc/function_func.asp"-->
<!--#include file="../p_inc/openconn.asp"-->
<!--#include file="../p_inc/G_function.asp"-->
<%
IF Not ChkPost() Then
    response.Redirect G_error_page_1
    response.End()
End IF
' The ChkPost() function from /p_inc/function.asp is called here to check the source (referring) URL
Function G_hitss(url,numb)
    Dim str
    str=""
    sql="select top "&numb&" id,m_name,m_pic,m_hits,m_content from qingtiandy_movie where m_look=1 order by m_hits desc,id desc"
    ' Note: numb is not filtered
    Set rs=server.CreateObject(G_RS)
    rs.open sql,conn,1,1
    i=1
    Do While Not rs.Eof
        d_url=url_(Array("d",rs(0),url))
        str=str&"<div><a href="&d_url&" title='主演:"&rs(2)&"'>"&Get_length(rs(1),"",32)&"</a>...
```
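One way to close the unfiltered `numb` in the `select top` statement above, shown as an added example that is not the application's own code: validate the value as a bounded integer before it reaches the SQL string. `SafeTopN` and `BuildHitsSql` are hypothetical names, and the default of 10 and cap of 100 are assumptions.

```vbscript
Option Explicit
' Added example; SafeTopN and BuildHitsSql are hypothetical names.

' Return value as a bounded positive integer, or defaultN if it is not plain digits.
Function SafeTopN(value, defaultN, maxN)
    Dim re, s, n
    SafeTopN = defaultN
    If IsNull(value) Or IsEmpty(value) Then Exit Function
    s = Trim(CStr(value))
    ' Digits only: IsNumeric() alone would also accept forms such as "1e3" or "&H10".
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,4}$"
    If Not re.Test(s) Then Exit Function
    n = CLng(s)
    If n < 1 Then Exit Function
    If n > maxN Then n = maxN
    SafeTopN = n
End Function

' Build the query from the page with the TOP count validated first.
Function BuildHitsSql(numb)
    Dim topN
    topN = SafeTopN(numb, 10, 100)   ' assumed default of 10 and cap of 100
    BuildHitsSql = "select top " & topN & " id,m_name,m_pic,m_hits,m_content " & _
                   "from qingtiandy_movie where m_look=1 " & _
                   "order by m_hits desc,id desc"
End Function

' Constructed sample inputs; run with: cscript //nologo example.vbs
Dim sample
For Each sample In Array("20", " 7 ", "500", "1e3", "abc", "5;", "")
    WScript.Echo "[" & sample & "] -> " & BuildHitsSql(sample)
Next
```

Inside an ASP page the two functions work unchanged; only the `WScript.Echo` demonstration loop is specific to the command-line script host.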

No Exp or PoC is currently available
There are currently 0 affected-product entries