By: 08 team
Source code: http://down.admin5.com/asp/76153.html
Multiple pages are vulnerable to SQL injection:
cps/clientnewsmore.asp (news page): however, the database it queries is separate from the administrator database.
cycont.asp (consumption guide page): the database it queries is the same as the administrator database.
Check the code. clientnewsmore.asp:
[code]
<!--#include file="conn.asp"-->
<%
Set rs = Server.CreateObject("adodb.recordset")
' The id query-string parameter is concatenated into the statement unfiltered
sql = "select * from human where id=" & Request.QueryString("id") & ""
rs.Open sql, conn, 1, 1
%>
[/code]
The parameter is used with no checks at all, so you can query the data directly...
conn.asp:
[code]
<%
' Access database opened through the ODBC driver
connstr = "DBQ=" + Server.MapPath("2004050261603.mdb") + ";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("adodb.connection")
conn.Open connstr
%>
[/code]
This is not the same database as the administrator database.
cycont.asp:
[code]
<%
Response.Buffer = True
Response.ExpiresAbsolute = Now() - 1
Response.Expires = 0
Set fs = Server.CreateObject("adodb.connection")
fs.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath("200409221234.mdb")
fs.Open
Set rs = Server.CreateObject("ADODB.Recordset")
' Same pattern: the id parameter goes straight into the statement
sql = "select * from cy where id=" & Request.QueryString("id")
rs.Open sql, fs, 1, 1
%>
[/code]
Here too, no consideration at all is given to the input...
Let's take a look at the upload page.
upload111_flash.asp:
[code]
<%
uppath = request("uppath") & "/"   ' file upload path
filelx = request("filelx")         ' file upload type
formName = request("formName")     ' name of the form on the page that the upload result is returned to
EditName = request("EditName")     ' name of the edit box on the page that the upload result is returned to
%>
...............
<form name="myform" method="post" action="upfile111_flash.asp" enctype="multipart/form-data">
<div id="esave" style="position:absolute; top:18px; left:40px; z-index:10; visibility:hidden">
..........
</td><td width=20%></td>
</tr></table></div>
<table width="90%" border="1" align="center" cellpadding="3" cellspacing="1" bordercolor="#5985D5" bgcolor="#FFFFFF" class="tableBorder">
<tr>
<td align="center" bgcolor="#254B8F"><b class="wz"><font color="#ffffff">Image Upload
<input type="hidden" name="filepath" value="<%=uppath%>"> // The file upload path is passed through the form... t.asp; NC can capture the packet
<input type="hidden" name="filelx" value="<%=filelx%>">
<input type="hidden" name="EditName" value="<%=EditName%>">
<input type="hidden" name="FormName" value="<%=formName%>">
<input type="hidden" name="act" value="uploadfile"></font></b></td>
[/code]
Admin back-end address: manager/
Fix: filter the input. For how to fix upload vulnerabilities, see the previous article on this site.
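
One way to apply the "filter" fix to the clientnewsmore.asp query shown above, as an added example that is not the vendor's code: validate `id` as a plain integer and bind it as an ADO parameter instead of concatenating it. `ParseId` is a hypothetical helper, and the status codes returned on bad input are an assumption. The same pattern applies to cycont.asp with its `fs` connection and `cy` table.

```vbscript
<!--#include file="conn.asp"-->
<%
' Added example: hardened form of the clientnewsmore.asp query.
' ADO constants declared locally so the page does not depend on adovbs.inc.
Const adCmdText = 1
Const adInteger = 3
Const adParamInput = 1

' ParseId (hypothetical helper): returns the value as a Long, or -1 when it
' is not a plain run of 1 to 9 decimal digits. A regular expression is used
' because IsNumeric also accepts forms such as "1e5" or "&H10".
Function ParseId(raw)
    Dim re
    ParseId = -1
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw & "") Then ParseId = CLng(raw)
End Function

Dim id, cmd, rs
id = ParseId(Request.QueryString("id"))
If id < 1 Then
    ' Missing, non-numeric or zero id: reject before touching the database
    Response.Status = "400 Bad Request"
    Response.End
End If

' The statement text is constant; the value travels as a typed parameter,
' so it can never change the structure of the query.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "select * from human where id = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adInteger, adParamInput, , id)

' Open with the same cursor and lock types (1, 1) as the original page
Set rs = Server.CreateObject("ADODB.Recordset")
rs.Open cmd, , 1, 1
If rs.EOF Then
    Response.Status = "404 Not Found"
    Response.End
End If
%>
```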