}
}else{return('');}
}
</script>
<a name="432"></a><table cellpadding="5" cellspacing="1" class="tableBorder1">
<tr>
<td width="175" align="center" valign="middle" class="TableBody2">admin</td>
<td class="TableBody1" align="right">Original poster</td>
</tr>
<tr>
<td width="175" valign="top" class="TableBody2">Kuya moderator<br>Rank: Administrator<br>Registered: 2003-12-30</td>
<td valign="top" class="TableBody1">
<B>A simple ASP login vulnerability (worth trying first when cracking a site!)</B><BR>
<P>Everyone, take a look at the following snippet</P>
<pre>
' name and password are read straight from the request
name=request("name")
password=request("password")
' vulnerable: both values are concatenated into the SQL text unescaped
sql="select * from [数据库表] where name='"&name&"' and password='"&password&"'"
' added so the snippet runs: rs was not declared in the post; conn is assumed to be an open ADODB.Connection
Set rs=Server.CreateObject("ADODB.Recordset")
rs.open sql,conn,1,1
if rs.bof or rs.eof then
response.write"不能登录管理"
else
response.write"可以登录管理"
end if
</pre>
<P>This is common login code; it looks fine, but it contains an extremely serious vulnerability.<br>Try entering the following into both the name box and the password box<br>1' or '1'='1<br>Well, see that? You know what's going on without me explaining.<br>You can filter ' and =, so nobody can use the universal password on you, heh.<br>name=replace(name,"'","‘")</P>
<P>Your program doesn't have this problem, right? If it does……………………<br>I had this very problem, and it's already fixed, heh. (I strongly advise against using the technique in this post to log into other people's admin backends; otherwise I take no responsibility for the consequences!)</P>
</td>
</tr>
<tr>
<td width="175" align="center" valign="middle" class="TableBody2">2005-07-24 23:58</td>
<td valign="middle" class="TableBody2"></td>
</tr>
</table>
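<p>As an added example (not code from the post or the forum), the login check above re-created in Python with sqlite3 standing in for the ASP/ADO database access: the concatenated query the post shows, the post's apostrophe replacement, and a parameterized query as the standard mitigation. The <code>admins</code> table and its single row are constructed here.</p>

```python
import sqlite3

# Constructed stand-in for the post's [数据库表]: one admin row in an in-memory database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (name TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db

def login_concat(db, name, password):
    # Same shape as the post's ASP:
    # sql="select * from ... where name='"&name&"' and password='"&password&"'"
    sql = ("select * from admins where name='" + name
           + "' and password='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_replace_quote(db, name, password):
    # The post's fix, name=replace(name,"'","‘"), applied to both fields
    # before concatenation ("\u2018" is the ‘ character used in the post).
    return login_concat(db, name.replace("'", "\u2018"),
                        password.replace("'", "\u2018"))

def login_param(db, name, password):
    # Parameterized query: values travel separately from the SQL text,
    # so an apostrophe in the input can never end the string literal.
    sql = "select * from admins where name=? and password=?"
    return db.execute(sql, (name, password)).fetchone() is not None

# The input from the post, typed into both boxes.
TAUTOLOGY = "1' or '1'='1"

def demo():
    """Run each variant with real credentials and with the post's input."""
    db = make_db()
    return {
        "concat_real": login_concat(db, "admin", "correct-horse"),
        "concat_tautology": login_concat(db, TAUTOLOGY, TAUTOLOGY),
        "replace_tautology": login_replace_quote(db, TAUTOLOGY, TAUTOLOGY),
        "param_real": login_param(db, "admin", "correct-horse"),
        "param_tautology": login_param(db, TAUTOLOGY, TAUTOLOGY),
    }

if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {'logged in' if accepted else 'rejected'}")
```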
<div onkeydown="ctlent();" >
<table cellpadding=1 cellspacing=1 class=tableborder1 align=center>
<form id="Dvform" action="savepost.asp?action=sre&method=fastreply&BoardID=31" method=POST name="Dvform" onSubmit="Dvbbs_CopyData('Body');" >
<tr>
<td width="77%" class=tablebody2>
<table border=0 style="width:100%;height:30;" cellpadding=2 cellspacing=1 align=center>
<tr><td width=1>
</td><td width=1>
<select language="javascript" class="Dvbbs_TBGen" id="FontName" onchange="FormatText ('fontname',this[this.selectedIndex].value);">