28,391
社区成员
发帖
与我相关
我的任务
分享求助ASP+ACCESS SQL注入漏洞修复
问题:扫描漏洞总是有注入漏洞,不知道怎么修改,求达人帮助,跪谢!
下面是代码
<!--#include file="../include/error.asp"-->
<!--#include file="../include/check.asp"--><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
</head>
<body class="about">
<%
Call OpenConnection()
Set rst=Server.CreateObject("ADODB.RecordSet")
Set rs=Server.CreateObject("ADODB.RecordSet")
Catalogid=request("catalogid")
productid=request("productid")
if productid="" then productid=1
Call CheckKeyword(catalogid)
Call CheckKeyword(productid)
if catalogid="" then catalogid=1
%>
<div class="mainwrap">
<!--#include file="../include/head.asp"-->
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<div class="bannerwrap"><img src="../profile_images/<%=rst("banner_photo")%>" width="960" height="150" /></div>
<%
end if
rst.Close
%>
<div class="subbody">
<div class="left">
<div class="maintitle" id="title7">EMBA项目</div>
<div class="maincontent" id="content7"><!--#include file="../include/left.asp"--></div><!--#include file="../include/contactus.asp"-->
</div>
<div class="right">
<div class="maintitle" id="title8">您现在的位置:<a href="/index.asp">首页</a> > <a href="/profile/profile.asp?catalogid=1&productid=15">EMBA项目</a> >
<% productid=request("productid")%>
<% rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then%>
<%=rst("product_name")%>
<% end if
rst.Close%></div>
<div class="maincontent" id="content8">
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<%=rst("product_desc")%>
<%
end if
rst.Close
%>
</div>
</div>
</div>
<!--#include file="../include/foot.asp"-->
</div>
<%
set rs=nothing
set rst=nothing
Call CloseConnection()
%>
</body>
</html>
下面是代码
<!--#include file="../include/error.asp"-->
<!--#include file="../include/check.asp"--><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
</head>
<body class="about">
<%
Call OpenConnection()
Set rst=Server.CreateObject("ADODB.RecordSet")
Set rs=Server.CreateObject("ADODB.RecordSet")
Catalogid=request("catalogid")
productid=request("productid")
if productid="" then productid=1
Call CheckKeyword(catalogid)
Call CheckKeyword(productid)
if catalogid="" then catalogid=1
%>
<div class="mainwrap">
<!--#include file="../include/head.asp"-->
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<div class="bannerwrap"><img src="../profile_images/<%=rst("banner_photo")%>" width="960" height="150" /></div>
<%
end if
rst.Close
%>
<div class="subbody">
<div class="left">
<div class="maintitle" id="title7">EMBA项目</div>
<div class="maincontent" id="content7"><!--#include file="../include/left.asp"--></div><!--#include file="../include/contactus.asp"-->
</div>
<div class="right">
<div class="maintitle" id="title8">您现在的位置:<a href="/index.asp">首页</a> > <a href="/profile/profile.asp?catalogid=1&productid=15">EMBA项目</a> >
<% productid=request("productid")%>
<% rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then%>
<%=rst("product_name")%>
<% end if
rst.Close%></div>
<div class="maincontent" id="content8">
<%
rst.Open "select * from course where id=" & productid,objConn,3,1
if not rst.EOF then
%>
<%=rst("product_desc")%>
<%
end if
rst.Close
%>
</div>
</div>
</div>
<!--#include file="../include/foot.asp"-->
</div>
<%
set rs=nothing
set rst=nothing
Call CloseConnection()
%>
</body>
</html>
...全文
请发表友善的回复…
发表回复
冷石然@SaaS产品派 2014-11-08
- 打赏
- 举报
防注入最好的方法就是参数化查询,没有之一。
xcgh 2014-11-08
- 打赏
- 举报
修改好了,用sqlmap测试
csdn_aspnet 2014-11-07
- 打赏
- 举报
以下为代码内容:放入conn.asp中(拒绝攻击 万能Asp防注入代码)
第一种:
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL通用防注入系统"
Response.end
end if
next
第二种:
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL通用防注入系统"
Response.end
end if
next
Next
End If
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL通用防注入系统"
Response.end
end if
next
next
end if
Go 旅城通票 2014-11-07
- 打赏
- 举报
Catalogid=request("catalogid")&""
productid=request("productid")&""
if not isnumeric(Catalogid) then Catalogid=1
if not isnumeric(productid) then productid=1
三楼の郎 2014-11-06
- 打赏
- 举报
if productid="" then productid=1 =》if not isnumeric(productid) then productid=1
