标题:asp脚本有注入点,这段代码应该如何修改呀?
只看楼主
稀饭。
Rank: 1
等 级:新手上路
帖 子:1
专家分:0
注 册:2009-11-11
结帖率:0
已结贴  问题点数:20 回复次数:2 
asp脚本有注入点,这段代码应该如何修改呀?
<!--#include file="head.asp"-->
<style>
body{background:#fff;}
</style>
<%if Session("Usr_Username")<>"" then response.Redirect("user_index.asp")%>
<br>
<br>
<TABLE width=404 border=0 align="center" cellPadding=0 cellSpacing=1 bgcolor="#FF7E00" id=table3>
  <TBODY>
    <TR>
      <TD width=770 vAlign=top bgcolor="#FFE6CB"><table width="100%" height="80" border="0" cellpadding="5" cellspacing="0">
  <form action="login.asp" method="post">
          <tr>
            <td colspan="3" bgcolor="#FFBF79" class="font_4">商户登陆</td>
            </tr>
          <tr>
            <td width="29%"><div align="center"><span style="font-size: 12px; letter-spacing:2px">用户名</span></div></td>
            <td colspan="2"><input type="text" name="Usr_name" size="20" style="font-family: Verdana; font-size: 12px; width: 128; height: 21; border: 1px solid #82C5FA; padding-left: 3px; padding-right: 3px; padding-top: 2px" /></td>
          </tr>
          <tr>
            <td><div align="center"><span style="font-size: 12px; letter-spacing:2px">密  码</span></div></td>
            <td colspan="2"><input type="password" name="Usr_pass" size="20" style="font-family: Verdana; font-size: 12px; width: 128; height: 21; border: 1px solid #82C5FA; padding-left: 3px; padding-right: 3px; padding-top: 2px" /></td>
          </tr>
          <tr>
            <td><div align="center"><span style="font-size: 12px; letter-spacing:2px">验证码</span></div></td>
            <td width="26%"><input type="text" name="Usr_check" size="20" style="font-family: Verdana; font-size: 12px; width: 41; height: 21; border: 1px solid #82C5FA; padding-left: 3px; padding-right: 3px; padding-top: 2px" maxlength="4" /></td>
            <td width="45%"><img src="code.asp" border="0" /></td>
          </tr>
          <tr>
            <td colspan="3"><TABLE width="39%"
                          border=0 align="center" cellPadding=0 cellSpacing=0>
              <TBODY>
                <TR>
                  <TD><INPUT type=image
                              src="images/pay_index04.jpg" value="登 录"
                              name=submit></TD>
                  <TD align=right><A
                              href="web_regFloder.asp"><IMG
                              height=22 src="images/pay_index05.jpg"
                              width=64
                    border=0></A></TD>
                </TR>
              </TBODY>
            </TABLE></td>
          </tr></form>
      </table></TD>
    </TR>
  </TBODY>
</TABLE>
<!--#include file="foot.asp"-->




就是以上脚本!!!!!!!
搜索更多相关主题的帖子: 代码 asp 脚本 
2009-11-11 16:11
风吹过b
Rank: 20Rank: 20Rank: 20Rank: 20Rank: 20
等 级:贵宾
威 望:364
帖 子:4912
专家分:29900
注 册:2008-10-15
得分:10 
注入,体现在你操作数据库部分,并不体现 在 HTML 表单部分.

授人于鱼,不如授人于渔
早已停用QQ了
2009-11-11 16:40
chenguoxing517
Rank: 7Rank: 7Rank: 7
来 自:广东广州
等 级:黑侠
威 望:1
帖 子:154
专家分:619
注 册:2009-9-28
得分:10 
在login.asp这个页面进行改,也就是在你获取表单数据保存到数据库之前进行处理
2009-11-11 16:50



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-291942-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.402268 second(s), 8 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved