UC知道(在线等)编程高手(黑客)请进!!
来源:百度知道 编辑:UC知道 时间:2024/06/16 20:10:44
下面页面又注入漏洞,,指点一下,在哪里。小弟在此谢过!
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="../conn.asp"-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title><%=webname%></title>
<link href="css.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../imp.js"></script>
</head>
<body>
<!--#include file="top.asp"-->
<table width="1004" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="220" valign="top" background="imag
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!--#include file="../conn.asp"-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title><%=webname%></title>
<link href="css.css" rel="stylesheet" type="text/css" />
<script language="javascript" src="../imp.js"></script>
</head>
<body>
<!--#include file="top.asp"-->
<table width="1004" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="220" valign="top" background="imag
sql = "select * From ysmallclass where classid like '"&rs("id")&"' order by n asc"
如果CONN.ASP中没有防注入的程序的话,这就话直接导致注入漏洞。