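My site's admin login has the 'or'='or' vulnerability: entering 'or'='or' gets you straight into the admin backend. I added the following code at the end of the loginn file: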
<%
uname=Replace(request.Form("uname"), "'", "")
pwd=Replace(request.Form("pwd"), "'", "")
Set rs = Server.CreateObject("ADODB.Connection")
sql = "select * from Manage_User where UserName='" & name & "' And PassWord='"&encrypt(pwd)&"'"
Set rs = conn.Execute(sql)
If Not rs.EOF = True Then
Session("Name") = rs("UserName")
Session("pwd") = rs("PassWord")
Response.Redirect("manage_Index.asp")
Else
Response.Redirect "Loginsb.asp?msg=你想干什么啊!找警察叔叔抓你!"
End If
end if
%>
After adding this code, the admin backend will no longer open.

My login file is:
<%@ codepage ="936" %>
<%if session("username")="" then%>
<% dim rndnum,verifycode
Randomize
Do While Len(rndnum)<4
num1=CStr(Chr((57-48)*rnd+48))
rndnum=rndnum&num1
loop
session("verifycode")=rndnum
%>
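Admin Management


Username:
Password:
Verification code:
Please enter <%=session("verifycode")%>


Note: if you are not a member of this site, do not log in; otherwise legal liability will be pursued!

Copyright 2002-2008
Information Co., Ltd.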

<%
else
set rs=Server.CreateObject("ADODB.recordset")
sql="select * from Qyml where uflag=0 order by id desc"
rs.Open sql,conn,1,1
if not rs.eof and not rs.bof then
%>

<%end if
set rs=Server.CreateObject("ADODB.recordset")
sql="select * from company where userid='"&session("userid")&"'"
rs.Open sql,conn,1,1
sql1="select count(id) from Qyml where cflag=0"
set totle=conn.execute(sql1)
totle=totle(0)
sql1="select count(id) from Qyml where cflag=1"
set totle1=conn.execute(sql1)
totle1=totle1(0)
sql1="select count(info_id) from info where flag=0"
set news=conn.execute(sql1)
news=news(0)
sql1="select count(info_id) from info where flag=1"
set olds=conn.execute(sql1)
olds=olds(0)
sql1="select count(id) from spzs where flag=0"
set o_news=conn.execute(sql1)
o_news=o_news(0)
sql1="select count(id) from spzs where flag=1"
set o_olds=conn.execute(sql1)
o_olds=o_olds(0)
sql1="select count(id) from Qyml where cflag=0"
set n_olds=conn.execute(sql1)
n_olds=n_olds(0)
sql1="select count(id) from Qyml where cflag=1"
set n_news=conn.execute(sql1)
n_news=n_news(0)
sql1="select count(NewsId) from hyxx "
set n_totle=conn.execute(sql1)
n_totle=n_totle(0)
%>

View security log



<%=session("UserName")%>
, your last login was at
<%=session("LastLogin")%>
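Currently registered members: <%=totle+totle1%>, of which approved members: <%=totle1%>, members awaiting approval: <%=totle%>
There are currently <%=news+olds%> supply-and-demand listings, of which <%=olds%> are approved
and <%=news%> are not yet approved.
You have published <%=n_totle%> industry news items so far.
The product showroom currently has <%=o_news+o_olds%> products, of which <%=o_olds%> are approved and <%=o_news%> are not yet approved.
The company directory currently has <%=n_news+n_olds%> companies, of which <%=n_olds%> are approved and <%=n_news%> are not yet approved.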

Information Co., Ltd.


<%
rs.close
set rs=nothing
conn.close
set conn=nothing
end if
%>
<%else%>

<%
uname=Replace(request.Form("uname"), "'", "")
pwd=Replace(request.Form("pwd"), "'", "")
Set rs = Server.CreateObject("ADODB.Connection")
sql = "select * from Manage_User where UserName='" & name & "' And PassWord='"&encrypt(pwd)&"'"
Set rs = conn.Execute(sql)
If Not rs.EOF = True Then
Session("Name") = rs("UserName")
Session("pwd") = rs("PassWord")
Response.Redirect("manage_Index.asp")
Else
Response.Redirect "Loginsb.asp?msg=你想干什么啊!找警察叔叔抓你!"
End If
end if
%>
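
As an added example (not code from the original post): the same Manage_User lookup done with a parameterized ADODB.Command, so that input such as 'or'='or' is bound as data instead of being filtered by stripping quotes. It assumes `conn` is an already-open ADODB.Connection and `encrypt()` is the site's own function, both as used in the post; the function name CheckLogin, the length limits and the generic failure message are assumptions.

```vbscript
<%
' Added example. Assumes conn (open ADODB.Connection) and encrypt()
' already exist, as in the posted login file.
Const adVarChar = 200      ' ADO DataTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adCmdText = 1        ' ADO CommandTypeEnum

' Hypothetical helper: returns True only when exactly the supplied
' credentials match a row in Manage_User.
Function CheckLogin(conn, uname, pwd)
    Dim cmd, rs
    CheckLogin = False
    ' Reject empty or oversized input before touching the database
    ' (the 50-character limit is an assumed column size).
    If Len(uname) = 0 Or Len(uname) > 50 Then Exit Function
    If Len(pwd) = 0 Or Len(pwd) > 50 Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholders are bound as values and never parsed as SQL,
    ' so quotes in the input cannot change the WHERE clause.
    cmd.CommandText = "SELECT UserName FROM Manage_User " & _
                      "WHERE UserName = ? AND PassWord = ?"
    cmd.Parameters.Append cmd.CreateParameter("@u", adVarChar, adParamInput, 50, uname)
    cmd.Parameters.Append cmd.CreateParameter("@p", adVarChar, adParamInput, 255, encrypt(pwd))

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' Keep only the user name in the session, not the password value.
        Session("Name") = rs("UserName")
        CheckLogin = True
    End If
    rs.Close
    Set rs = Nothing
    Set cmd = Nothing
End Function

' Run the check only on a form submission; note uname, not the
' undefined variable name that the posted query concatenates.
If Request.ServerVariables("REQUEST_METHOD") = "POST" Then
    If CheckLogin(conn, CStr(Request.Form("uname")), CStr(Request.Form("pwd"))) Then
        Response.Redirect "manage_Index.asp"
    Else
        Response.Redirect "Loginsb.asp?msg=" & Server.URLEncode("login failed")
    End If
End If
%>
```

This block is a complete `If ... End If` of its own, so it has to sit outside the existing `If session("username")="" Then ... Else ... End If` structure of the login file, not after a second `Else`.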