pageadmin SQL注入漏洞下载

pageadmin SQL注入漏洞大量政府，学校，企业等网站使用该程序

/e/aspx/get_comment.aspx



protected void Page_Load(Object src,EventArgs e)

  {

    string sql;

    OleDbCommand comm;

    Conn theconn=new Conn();

    if(Request.Form["post"]=="add")

     {

      IsMember=Request.Form["ismember"];

      if(IsMember=="0")

       {

         Md5 JM=new Md5();

         if(Session["YZM"]==null)

          {

            Response.Write("yzm error");

            Response.End();

          }

         else if(Request.Form["code"]!=Session["YZM"].ToString())

          {

           Response.Write("yzm error");

           Response.End();

         }

       }

       Table=Request.Form["table"];//获取参数

DetailId=Request.Form["id"];

       string UserName=Request.Form["username"];

       string Password=Request.Form["code"];

       string Quote=Request.Form["quote"];

       string Content=Request.Form["content"];

       string Checked=Request.Form["checked"];

       Checked=Checked=="0"?"1":"0";

       string SiteId=Request.Form["siteid"];

       LoginUserName="";

       IP=GetClientIP();

       if(Content=="" || !IsNum(Checked) || !IsNum(DetailId) || !IsNum(SiteId) || !IsNum(IsMember))

        {

          Response.Write("input error");

          Response.End();

        }

       else

        {

         Check_Post();

         conn=new OleDbConnection(theconn.Constr());

         conn.Open();



        //处理内容

        Get_Set(int.Parse(SiteId));

        Check_TimeLimit();   //检查时间间隔;

        if(Comment_MaxLength!=0 && Content.Length>Comment_MaxLength)//检查最大字符

         {

          conn.Close();

          Response.Write("maxleng_limit,"+Comment_MaxLength);

          Response.End();

         }

         Check_Forbid(Content);           //检查禁止关键字

         Content=Replace_String(Content);    //替换

         UserName=Replace_String(UserName);  //替换

         //处理内容

         if(IsMember=="1")//检查用户，，只有是1才检测，这就跳过检测了