📄 indexx.asp
字号:
<!--#include file="dbkillercnect.asp"-->
<%
module=request("module")
'get注入拦截
SQL_injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('安全中心整站系统欢迎安全测试,有漏洞请告诉我们,谢谢:bluephantom@sogou.com');history.back(-1)</Script>"
Response.end
end if
next
Next
End If
if module="" then
'post注入拦截
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "<Script Language=JavaScript>alert('安全中心整站系统欢迎安全测试,有漏洞请告诉我们,谢谢:bluephantom@sogou.com');history.back(-1)</Script>"
Response.end
end if
next
next
end if
else:end if
%>
<%
' 密码验证函数部分
Function CheckPwd(ID,Pwd)
Dim conn,param,rs,sql
Set conn = Server.CreateObject("ADODB.Connection")
param = "driver={Microsoft Access Driver (*.mdb)};Pwd="&passwd
conn.Open param & ";dbq=" & Server.Mappath(bdb)
sql = "Select * From "&front1&"sc_opq_users Where a_user='" & ID & "' And a_pwd = '" & Pwd & "'"
Set rs = conn.Execute( sql )
if rs.EOF Then
CheckPwd = False
Else
CheckPwd = True
End If
End Function
%>
<%
' 密码验证结果部分
Function SqlStr( data )
SqlStr = Replace( data, "'", " " )
End Function
If isEmpty(Session("Passed")) Then Session("Passed") = False
head="请输入您的认证资料"
ID = Request("ID")
Pwd = Request("Pwd")
if ID="" or Pwd="" then
head="请输入认证信息"
ElseIf Not CheckPwd( ID, Pwd ) Then
head="身份验证失败,请重新输入用户名和密码"
Else
sql = "Select * From "&front1&"sc_opq_users Where a_user='" & ID & "' And a_pwd = '" & Pwd & "'"
Set rs = cona.Execute( sql )
Response.cookies("group_")=rs("a_validate")
Session("Passed") = True
End IF
If Not Session("Passed") Then
%>
<html>
<title></title>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<meta name="keywords" content="scc,scccn,中国网络安全中心,网络安全,安全中心,SCC,S.C.C,bluephantom">
<meta http-equiv="MSThemeCompatible" content="Yes">
<link rel="shortcut icon" href="/favicon.ico">
<link href="../images/scc.css" type=text/css rel=stylesheet>
</head>
<body style="text-align: center">
<table width='100%' height='80' border='0' cellpadding='1' cellspacing='1' bgcolor='#004E98'>
<tr>
<td bgcolor='#004E98' nowrap></td>
<td bgcolor='#004E98' width='100%' align='center'>
<img src='../images/scccn.gif' width="212" height="40"> </td>
</tr>
</table>
<div class='pixs2'></div>
<div align='center' class='heads'>
<img border="0" src="images/wel.gif" width="256" height="29"></div>
<div class="bar"></div>
<div class='2emboxs'>
<div class='2emborder'><p></p></div>
<div class='content'>
<table cellspacing='0' >
<tr>
<td align='left' width='100%'>
<p align="center">
<img border="0" src="images/title.gif" width="252" height="31"></td>
<td nowrap>
</td>
</tr>
</table>
</div>
</div>
<table border="0" width="100%" id="table1">
<tr>
<td align="center">
<FORM Action=<%=Request.ServerVariables("PATH_INFO")%> Method=POST>
<p> </p>
<p> </p>
<p> </p>
<p> </p>
<TABLE BORODER=1 CELLSPACING=0 id="table2" >
<TR>
<TD ALIGN=RIGHT><img border="0" src="images/user.gif" width="83" height="31"></TD>
<TD><Input Type=Text Name=ID Size=12 Value=<%=ID%>></TD>
</TR>
<TR><TD ALIGN=RIGHT><img border="0" src="images/pwd.gif" width="83" height="31"> </TD>
<TD><Input Type=Password Name=Pwd Size=12 Value=<%=Pwd%>></TD>
</TR>
</TABLE>
<p> </p>
<P>
<Input Type=Submit Value=" 确定 ">
<P>
<P>
<P>
<P>
</FORM>
<p> </td>
</tr>
</table>
<div class='2emspace'></div>
<div class='footerbar'>
<!- SCC Website Version 1.00 ->
<!- Code by Bluephantom bluephantom@sogou.com ->
<img border="0" src="images/copyright.gif" width="242" height="71"></div>
<p> </p>
</body>
</html>
<%
Response.End
End If
%>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -