Title: Where is the vulnerability in this ASP site?
dewei001
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!--#include file="conn.asp"-->
<!--#include file="webconfig.asp"-->
<%
            dim id
              id=request("id")
                set rs=server.CreateObject("adodb.recordset")
          rs.open "select  * from news where id="&id,conn,1,3
          lm=rs("lm1")
%>
<HTML><HEAD><TITLE><%=rs("title")%>-<%=title%></TITLE>
<META content=<%=des%> name=description>
<META content=<%=key%> name=keywords>
<META http-equiv=Content-Type content="text/html; charset=gb2312"><LINK
href="images/style.css" type=text/css rel=stylesheet>

<META content="MSHTML 6.00.2900.2963" name=GENERATOR>
<style type="text/css">
<!--
.h10 {LINE-HEIGHT: 10px
}
-->
</style>
</HEAD>
<BODY leftMargin=0 topMargin=0 marginheight="0" marginwidth="0">
<!--#include file="head.asp"-->
<table width="1002" border="0" align="center" cellpadding="0" cellspacing="0">
  <tr>
    <td width="230" valign="top"><!--#include file="left.asp"--></td>
    <td valign="top"><TABLE id=table14 height=8 cellSpacing=0 cellPadding=0 width=100
        border=0>
      <TBODY>
        <TR>
          <TD></TD>
        </TR>
      </TBODY>
    </TABLE>
      <TABLE id=__01 cellSpacing=0 cellPadding=0 width=99% align=center
            border=0>
      <TBODY>
        <TR>
          <TD><IMG id=in_01 height=7 alt=""
                  src="images/in_01.jpg" width=7></TD>
          <TD background=images/in_02.jpg><IMG id=in_02 height=7
                  alt="" src="images/in_02.jpg" width=185></TD>
          <TD><IMG id=in_03 height=7 alt=""
                  src="images/in_03.jpg" width=8></TD>
        </TR>
        <TR>
          <TD background=images/in_04.jpg><IMG id=in_04
                  height=40 alt="" src="images/in_04.jpg" width=7></TD>
          <TD><table width="571" border="0" cellspacing="0" cellpadding="0">
            <tr>
              <td><table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
                <tr>
                  <td>&nbsp;</td>
                </tr>
                <tr>
                  <td><table width="100%" border="0" align="center" cellpadding="0" cellspacing="0">
                      <tr>
                        <td valign="top"><table width="98%" border="0" align="center" cellpadding="0" cellspacing="0">
                            <tr>
                              <td>&nbsp;</td>
                            </tr>
                            <tr>
                              <td height="650" valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
                                  <tr>
                                    <td style="table-layout:fixed;word-break:break-all"><div align="center">
                                        <%
                set rs=server.CreateObject("adodb.recordset")
          rs.open "select  * from news where id="&id,conn,1,3
          if rs.eof and rs.bof then
          response.write "目前还没有内容!"
          else
          rs("hit")=rs("hit")+1
          rs.update
           %>
                                        <br>
                                        <span style="font-size:18px"> <font color=<%=rs("titlecolor")%>><b><%= rs("title") %></b></font></span> <br>
                                        <span style="font-size:14px"> <%= rs("htitle") %></span> <br>
                                      时间:<%= rs("time") %> 来源:<%= rs("zz") %>
                                      <hr width="550" size="1">
                                      <br>
                                      <table style='table-layout:fixed' width="100%" border="0" cellpadding="00" cellspacing="0">
                                        <tr>
                                          <td valign="top" style='word-wrap : break-word'><%= rs("content") %>
                                  <%
                end if
                rs.close
        set rs=nothing %></td>
                                        </tr>
                                      </table>
                                    </div></td>
                                  </tr>
                              </table></td>
                            </tr>
                        </table></td>
                      </tr>
                  </table></td>
                </tr>
              </table></td>
            </tr>
          </table></TD>
          <TD background=images/in_06.jpg><IMG id=in_06
                  height=40 alt="" src="images/in_06.jpg" width=8></TD>
        </TR>
        <TR>
          <TD><IMG id=in_07 height=7 alt=""
                  src="images/in_07.jpg" width=7></TD>
          <TD background=images/in_08.jpg><IMG id=in_08 height=7
                  alt="" src="images/in_08.jpg" width=185></TD>
          <TD><IMG id=in_09 height=7 alt=""
                  src="images/in_09.jpg" width=8></TD>
        </TR>
      </TBODY>
    </TABLE>
      <TABLE id=table14 height=7 cellSpacing=0 cellPadding=0 width=100
        border=0>
        <TBODY>
          <TR>
            <TD></TD>
          </TR>
        </TBODY>
      </TABLE></td>
    <td width="200" valign="top"><!--#include file="rightnews.asp"--></td>
  </tr>
</table>
<!--#include file="foot.asp"-->
</BODY></HTML>
 
Could an expert please take a look: where is the vulnerability in this code? A scanning tool reports an injection point...
2010-04-01 09:59
孤独冷雨
The so-called injection point is simply the SQL statement you wrote! Just add an SQL anti-injection routine and that will do!

Code:
<%
' Call CheckSql() at the top of a page, before any query is built from request data.
Function CheckSql() ' Prevent SQL injection
    Dim SQL_injdata, SQL_inj, SQL_Get, SQL_Post, SQL_Data
    SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|=|_|‘|~"
    SQL_inj = Split(SQL_injdata, "|")
    If Request.QueryString <> "" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data = 0 To UBound(SQL_inj)
                ' vbTextCompare: match the tokens regardless of letter case
                If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                    Response.Write "<Script Language='javascript'>{alert('请不要在参数中包含非法字符!');}</Script>"
                    Response.Write "本站有服务不到位的地方,请多包函多提建议!↓<br><br>"
                    Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br><br>"
                    Response.Write "操作时间:" & Now & "<br><br>"
                    Response.Write "操作页面:" & Request.ServerVariables("URL") & "<br><br>"
                    Response.Write "提交方式:Get<br><br>"
                    ' HTML-encode echoed request data so the error page does not reflect markup
                    Response.Write "提交参数:" & Server.HTMLEncode(SQL_Get) & "<br><br>"
                    Response.Write "提交数据:" & Server.HTMLEncode(Request.QueryString(SQL_Get))
                    Response.Write "<meta http-equiv='refresh' content='3;url=/'>"
                    Response.End
                End If
            Next
        Next
    End If

    '**************************************************

    If Request.Form <> "" Then
        For Each SQL_Post In Request.Form
            For SQL_Data = 0 To UBound(SQL_inj)
                If InStr(1, Request.Form(SQL_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                    Response.Write "<Script Language='javascript'>alert('请不要在参数中包含非法字符!');</Script>"
                    Response.Write "本站有服务不到位的地方,请多包函多提建议!↓<br><br>"
                    Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br><br>"
                    Response.Write "操作时间:" & Now & "<br><br>"
                    Response.Write "操作页面:" & Request.ServerVariables("URL") & "<br><br>"
                    Response.Write "提交方式:Post<br><br>"
                    ' Report the POST field name (the original echoed the GET loop variable here)
                    Response.Write "提交参数:" & Server.HTMLEncode(SQL_Post) & "<br><br>"
                    Response.Write "提交数据:" & Server.HTMLEncode(Request.Form(SQL_Post))
                    Response.Write "<meta http-equiv='refresh' content='3;url=/'>"
                    Response.End
                End If
            Next
        Next
    End If
End Function

%>

2010-04-01 10:20
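
An added example, not part of either post above: the `id` lookup from the question rewritten with an integer check and a bound ADO parameter, so the SQL text is never built from request data. It assumes `conn.asp` provides an open ADODB.Connection named `conn` (as the question's code implies) and that `news.id` is an integer column; `ParseId` and `NewsCommand` are hypothetical helpers, and the hit counter is done with an UPDATE statement instead of the original recordset update.

```vbscript
<!--#include file="conn.asp"-->
<%
' Added example, not the thread's code. Assumes conn.asp opens an
' ADODB.Connection named conn and that news.id is an integer column.
' ADO constants (omit these if adovbs.inc is already included).
Const adInteger = 3            ' DataTypeEnum
Const adParamInput = 1         ' ParameterDirectionEnum
Const adCmdText = 1            ' CommandTypeEnum
Const adExecuteNoRecords = 128 ' ExecuteOptionEnum

' Hypothetical helper: returns the id as a Long, or -1 unless the raw
' value is 1 to 9 decimal digits (so CLng cannot overflow).
Function ParseId(raw)
    Dim re
    ParseId = -1
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(raw) Then ParseId = CLng(raw)
End Function

' Hypothetical helper: builds a command whose only input is a bound integer.
Function NewsCommand(sql, newsId)
    Dim c
    Set c = Server.CreateObject("ADODB.Command")
    Set c.ActiveConnection = conn
    c.CommandType = adCmdText
    c.CommandText = sql
    c.Parameters.Append c.CreateParameter("id", adInteger, adParamInput, , newsId)
    Set NewsCommand = c
End Function

Dim id, cmd, rs
' Read from QueryString explicitly; Request("id") also searches Form and Cookies.
id = ParseId(Request.QueryString("id") & "")
If id < 1 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Count the hit, then fetch the row.
Set cmd = NewsCommand("UPDATE news SET hit = hit + 1 WHERE id = ?", id)
cmd.Execute , , adExecuteNoRecords
Set rs = NewsCommand("SELECT title FROM news WHERE id = ?", id).Execute

If rs.EOF Then
    Response.Write "No content yet."
Else
    Response.Write "<b>" & Server.HTMLEncode(rs("title") & "") & "</b>"
End If
rs.Close
Set rs = Nothing
%>
```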



To join the discussion, go to the original thread: https://bbs.bccn.net/thread-301250-1-1.html



