/*
 * author: cnryan
 * Subject: AspBar SQL injection Vulnerability
 * version: AspBar V3.4 Access
 */

Partial code from Ku_inc/Ku_Sql.asp:

<%
Dim QueryData,FormData,QueryName,Name
QueryData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from"
FormData="<%" 'Harmful characters are not filtered here
cookData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|declare|mid|chr|chr(37)|net|union|from"
......omitted......

FormData is not filtered strictly, so input read through request() or request.form() can bypass the filter.

---------------------------
so.asp leads to an injection:

if request.querystring("page")="" then keywords=trim(request.form("keyword"))

---------------------------
Related handling in so_news.asp, so_art.asp and other files:

set rs=server.createobject("adodb.recordset")
sql="select * from ku_news where shenhe=1 and (title like '%" & keywords & "%' or content like '%" & keywords & "%') "
modes=request.form("modes")

=========================EOF========================
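An added example, not code from AspBar or from the advisory: a Python model of the filter gap and of the concatenated query, next to the same search with bound parameters, using SQLite as a stand-in for the Access database. The substring matching rule in `blocked`, the sample rows and all function names are assumptions; only the blacklist strings and the query text come from the page.

```python
import sqlite3

# Blacklist strings as they appear in Ku_inc/Ku_Sql.asp.
QUERY_DATA = ("'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|"
              "char|declare|where|declare|mid|chr|chr(37)|net|union|from")
FORM_DATA = "<%"

def blocked(value, blacklist):
    """Assumed matching rule: reject when any '|'-separated entry occurs in the value."""
    low = value.lower()
    return any(tok in low for tok in blacklist.split("|") if tok)

def make_db():
    """Constructed stand-in for ku_news (SQLite instead of Access, sample rows invented)."""
    db = sqlite3.connect(":memory:")
    db.execute("create table ku_news (title text, content text, shenhe integer)")
    db.executemany("insert into ku_news values (?, ?, ?)", [
        ("Interview with O'Brien", "approved story", 1),
        ("Draft notes", "unapproved story", 0),
    ])
    return db

def search_concat(db, keywords):
    """Query assembled by string concatenation, as so_news.asp does."""
    sql = ("select title from ku_news where shenhe=1 and (title like '%" + keywords +
           "%' or content like '%" + keywords + "%')")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, keywords):
    """Same search with bound parameters; LIKE wildcards in the input match literally."""
    esc = keywords.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    pattern = "%" + esc + "%"
    sql = ("select title from ku_news where shenhe=1 and "
           "(title like ? escape '\\' or content like ? escape '\\')")
    return [row[0] for row in db.execute(sql, (pattern, pattern))]

def concat_breaks(db, keywords):
    """True when the input changes how the concatenated statement parses."""
    try:
        search_concat(db, keywords)
        return False
    except sqlite3.OperationalError:
        return True
```

An ordinary surname with an apostrophe is enough to show the problem: the query-string list rejects it, the form list lets it through, the concatenated statement fails to parse, and the bound version returns the matching approved row.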