E-learning online learning platform cookie # SQL Injection
Keywords: inurl: e-learning/index. asp
File: \ e-learning \ ShowNews. asp
id=request("id")Set rsnews=Server.CreateObject("ADODB.RecordSet") sql="Update News set Hits=Hits+1 where id="&cstr(request("id"))conn.execute sqlsql="Select * From News Where id="&idrsnews.Open sql,conn,1,1Title=rsnews("Title")BigClassName=rsnews("BigClassName")SmallClassName=rsnews("SmallClassName")
File: \ inc \ Check_ SQL .asp
'----- Filter the get query value. if request. queryString <> "" thenChk_badword = split (Query_Badword, "Baidu") for each Query_Name IN Request. queryStringfor I = 0 to ubound (Chk_badword) If Instr (LCase (request. queryString (Query_Name), Chk_badword (I) <> 0 ThenSelect Case Err_Message Case "1" Response. write "<Script Language = JavaScript> alert ('parameter passing error! The value of the parameter "& name &" contains an invalid string! \ N do not include invalid characters such as: and update delete; insert mid master in the parameter! '); Window. close (); </Script> "Case" 2 "Response. write "<Script Language = JavaScript> location. href = '"& Err_Web &"' </Script> "Case" 3 "Response. write "<Script Language = JavaScript> alert ('parameter passing error! The value of the parameter "& name &" contains an invalid string! \ N do not include invalid characters such as: and update delete; insert mid master in the parameter! '); Location. href = '"& Err_Web &"'; </Script> "End SelectResponse. endEnd IfNEXTNEXTEnd if '----- filter the single value of the post table. if request. form <> "" thenChk_badword = split (Form_Badword, "signature") for each name IN Request. formfor I = 0 to ubound (Chk_badword) If Instr (LCase (request. form (name), Chk_badword (I) <> 0 ThenSelect Case Err_Message Case "1" Response. write "<Script Language = JavaScript> alert ('error! The value of Form "& name &" contains an invalid string! \ N do not contain invalid characters such as % & * # () in the form! '); Window. close (); </Script> "Case" 2 "Response. write "<Script Language = JavaScript> location. href = '"& Err_Web &"' </Script> "Case" 3 "Response. write "<Script Language = JavaScript> alert ('error! The value of the parameter "& name &" contains an invalid string! \ N do not contain invalid characters such as % & * # () in the form! '); Location. href =' "& Err_Web &" '; </Script> "End SelectResponse. EndEnd IfNEXTNEXTend if
Look at the filtering code. It's just a pitfall. Only get and post are filtered out.
Solution:
Filter