Shanxi University Business College Blog

黄荣's Shanxi SEO lab, a graduate of Shanxi University Business College


风讯 (FengXun) CMS 4.0 SP5: latest SQL injection vulnerability

[Original by 大蝉] Please credit the source when reposting, thanks.

Affected systems: 风讯 CMS 4.0 and every earlier release, both the ACC (Access) and SQL (SQL Server) editions

Vulnerability analysis: user/userlist.asp

---------------------------------------------------------------------------------------------------------------------------------------------------

     ' Keyword comes straight from Request() (query string, form or cookie)
     ' and is concatenated into strSQLs in every branch below.
     If Request("Keyword")<>"" then
       if Request("searchtype") <>"" then
         ' fuzzy search: the raw keyword is dropped inside a quoted LIKE pattern
         if Request("Name") = "UserName" then
           strSQLs = " and UserName like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "UserNumber" then
           strSQLs = " and UserNumber like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "NickName" then
           strSQLs = " and NickName like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "RealName" then
           strSQLs = " and RealName like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "Email" then
           strSQLs = " and Email like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "QQ" then
           strSQLs = " and QQ like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "MSN" then
           strSQLs = " and MSN like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "Integral" then
           ' numeric branch: no quotes and no CLng(), so no quote character is needed to inject here
           strSQLs = " and Integral <"& Request("Keyword") &"+50 and Integral>"& Request("Keyword") &"-50 "& StrOrders &""
         Elseif Request("Name") = "Province" then
           strSQLs = " and Province like '%" & Request("Keyword")& "%' "& StrOrders &""
         Elseif Request("Name") = "city" then
           strSQLs = " and city like '%" & Request("Keyword")& "%' "& StrOrders &""
         End if
       Else
         ' exact match: same pattern; only the Integral branch is coerced with CLng()
         if Request("Name") = "UserName" then
           strSQLs = " and UserName = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "UserNumber" then
           strSQLs = " and UserNumber = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "NickName" then
           strSQLs = " and NickName = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "RealName" then
           strSQLs = " and RealName = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "Email" then
           strSQLs = " and Email = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "QQ" then
           strSQLs = " and QQ = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "MSN" then
           strSQLs = " and MSN = '" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "Integral" then
           ' CLng() turns a non-numeric keyword into a type-mismatch error instead of SQL
           strSQLs = " and Integral =" & clng(Request("Keyword"))& " "& StrOrders &""
         Elseif Request("Name") = "Province" then
           strSQLs = " and Province ='" & Request("Keyword")& "' "& StrOrders &""
         Elseif Request("Name") = "city" then
           strSQLs = " and city ='" & Request("Keyword")& "' "& StrOrders &""
         End if
       End if
     Else
       strSQLs = " "& StrOrders &""
     End if

---------------------------------------------------------------------------------------------------------------------------------------------------

The keyword parameter is read directly through Request(), which accepts it from the query string, the form body or a cookie, and is concatenated into the SQL without any filtering, so an attacker can craft a parameter value that manipulates the database. Only the value is exposed: Name is compared against a fixed list of column names, so the column itself cannot be injected. In exact-match mode (no searchtype) the Integral branch passes the value through CLng(), which turns a non-numeric keyword into a type-mismatch error rather than SQL, but every string column wraps the raw keyword in single quotes, and in fuzzy mode (searchtype set) the Integral branch concatenates it into a numeric comparison with neither quotes nor CLng(), so there a bare number followed by SQL is enough. Which payloads go further depends on the edition: the ACC build runs on Jet, the SQL build on SQL Server.

Test URL: http://localhost/user/UserList.asp?Name=UserName&keyword=usual'  The trailing single quote closes the string literal early; a database syntax error in the response confirms that the value reaches the query unescaped.
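To make the concatenation concrete, here is an added example (not code from the post or from 风讯 CMS) that transcribes the strSQLs logic above into Python, runs it against a small constructed table, and places a parameterised rewrite next to it. sqlite3 stands in for the Access and SQL Server back ends, and the Users table, its rows and the column subset are assumed for the demonstration; the UserName probe from the test URL and a classic quote-closing tautology are shown, going one step beyond the single quote in the post.

```python
"""Rebuild the strSQLs concatenation from user/userlist.asp and compare it
with a parameterised rewrite.  sqlite3 stands in for the Access / SQL Server
back ends of the real product; table and column layout are assumed."""
import sqlite3

# The only values of Request("Name") that userlist.asp acts on.  The column
# name is therefore not attacker-controlled; only Keyword reaches the SQL raw.
SEARCHABLE = ("UserName", "UserNumber", "NickName", "RealName", "Email",
              "QQ", "MSN", "Integral", "Province", "city")


def make_db():
    """Constructed sample data; 'Users' is an assumed table name, not the CMS's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Users (UserName text, NickName text, Integral integer)")
    conn.executemany("insert into Users values (?, ?, ?)",
                     [("usual", "u", 100), ("admin", "root", 900), ("bob", "b", 120)])
    return conn


def vulnerable_where(name, keyword, searchtype=""):
    """strSQLs exactly as the ASP builds it (StrOrders dropped).
    Keyword is pasted in verbatim; CLng() guards only the exact-match Integral case."""
    if keyword == "" or name not in SEARCHABLE:
        return ""
    if searchtype != "":                       # fuzzy branch
        if name == "Integral":                 # numeric and unquoted: no quote needed to inject
            return f" and Integral <{keyword}+50 and Integral>{keyword}-50 "
        return f" and {name} like '%{keyword}%' "
    if name == "Integral":                     # CLng(): non-numeric input is a type error, like int()
        return f" and Integral ={int(keyword)} "
    return f" and {name} = '{keyword}' "


def run_vulnerable(name, keyword, searchtype=""):
    """Execute the concatenated query; returns the matched UserNames."""
    sql = "select UserName from Users where 1=1" + vulnerable_where(name, keyword, searchtype)
    conn = make_db()
    return [row[0] for row in conn.execute(sql)]


def query_breaks(name, keyword, searchtype=""):
    """True when the input corrupts the SQL syntax (what the usual' probe checks for)."""
    try:
        run_vulnerable(name, keyword, searchtype)
    except sqlite3.OperationalError:
        return True
    return False


def safe_query(name, keyword, searchtype=""):
    """Hardened form: column name only from the whitelist, Keyword only ever bound."""
    conn = make_db()
    if keyword == "" or name not in SEARCHABLE:
        return [row[0] for row in conn.execute("select UserName from Users")]
    if name == "Integral":
        value = int(keyword)  # reject non-numeric input before it gets near the SQL
        if searchtype != "":
            sql = "select UserName from Users where Integral < ? + 50 and Integral > ? - 50"
            return [row[0] for row in conn.execute(sql, (value, value))]
        return [row[0] for row in conn.execute("select UserName from Users where Integral = ?", (value,))]
    # {name} is one of SEARCHABLE; the user-supplied text travels as a parameter only
    op, pattern = ("like", f"%{keyword}%") if searchtype != "" else ("=", keyword)
    return [row[0] for row in conn.execute(f"select UserName from Users where {name} {op} ?", (pattern,))]


if __name__ == "__main__":
    print(run_vulnerable("UserName", "usual"))               # ['usual']
    print(query_breaks("UserName", "usual'"))                # True: the probe from the post
    print(run_vulnerable("UserName", "x' or '1'='1"))         # every user: the quote closes the literal
    print(vulnerable_where("Integral", "100 or 1", "1"))     # unquoted numeric concatenation
    print(safe_query("UserName", "x' or '1'='1"))             # []: the payload is just a string now
```

The ASP version cannot bind parameters with plain string concatenation, but ADODB.Command with Parameters.Append gives the same separation of code and data; the essential point is the shape of safe_query, where the column is chosen from a fixed list and the keyword never becomes SQL text.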



PS: Sigh, vulnerabilities have been pouring out lately. Let the storm rage harder...


Copyright Shanxi University Business College Blog www.huangrong.org.cn. Rights Reserved.