pageadmin SQL注入漏洞下载
-
来源:黑吧安全网 浏览:736次 时间:2014-07-16
pageadmin SQL注入漏洞大量政府,学校,企业等网站使用该程序
/e/aspx/get_comment.aspx
protected void Page_Load(Object src,EventArgs e)
{
string sql;
OleDbCommand comm;
Conn theconn=new Conn();
if(Request.Form["post"]=="add")
{
IsMember=Request.Form["ismember"];
if(IsMember=="0")
{
Md5 JM=new Md5();
if(Session["YZM"]==null)
{
Response.Write("yzm error");
Response.End();
}
else if(Request.Form["code"]!=Session["YZM"].ToString())
{
Response.Write("yzm error");
Response.End();
}
}
Table=Request.Form["table"];//获取参数
DetailId=Request.Form["id"];
string UserName=Request.Form["username"];
string Password=Request.Form["code"];
string Quote=Request.Form["quote"];
string Content=Request.Form["content"];
string Checked=Request.Form["checked"];
Checked=Checked=="0"?"1":"0";
string SiteId=Request.Form["siteid"];
LoginUserName="";
IP=GetClientIP();
if(Content=="" || !IsNum(Checked) || !IsNum(DetailId) || !IsNum(SiteId) || !IsNum(IsMember))
{
Response.Write("input error");
Response.End();
}
else
{
Check_Post();
conn=new OleDbConnection(theconn.Constr());
conn.Open();
//处理内容
Get_Set(int.Parse(SiteId));
Check_TimeLimit(); //检查时间间隔;
if(Comment_MaxLength!=0 && Content.Length>Comment_MaxLength)//检查最大字符
{
conn.Close();
Response.Write("maxleng_limit,"+Comment_MaxLength);
Response.End();
}
Check_Forbid(Content); //检查禁止关键字
Content=Replace_String(Content); //替换
UserName=Replace_String(UserName); //替换
//处理内容
if(IsMember=="1")//检查用户,,只有是1才检测,这就跳过检测了