In the program's getpass.asp file:

if request.QueryString("action")="rsend" then
    if request("uname")="" or request("uemail")="" then
        response.Write("<script>alert('请输入登陆用户名和注册邮件地址');history.back();</script>")
    end if
    if request("upass1")="" or request("upass2")="" then
        response.Write("<script>alert('请输入密码或确认密码');history.back();</script>")
    end if
    if request("upass1")<>request("upass2") then
        response.Write("<script>alert('请输入密码或2次密码不一样!');history.back();</script>")
    end if
    uname=trim(request("uname"))
    useremail=trim(request("uemail"))
    set rs=server.CreateObject("adodb.recordset")
    ' uname and useremail go straight into the SQL text, unescaped
    rs.open "select * from f_user where u_name='"&uname&"' and u_email='"&useremail&"'",conn,1,1
    if rs.eof and rs.bof then
        response.Write("<script>alert('无此帐号或邮件地址错误');history.back();</script>")
        rs.close
        set rs=nothing
    else
        set rs=server.CreateObject("adodb.recordset")
        rs.open "select * from f_user where u_name='"&uname&"'",conn,1,3
        rs("u_pass")=md5(trim(request("upass1")),16)
        rs.update
        rs.close
        set rs=nothing
        response.Write "<script language=javascript>alert('修改新密码成功!!请点确定');location.href='login.asp'</script>"
    end if
end if

A very obvious injection: uname and useremail are concatenated into both SELECT statements without any escaping. The page only reveals whether a row matched, so it has to be worked by manual guessing (boolean-based blind injection); note that any probe which evaluates true also reaches the UPDATE, overwriting the password of the first record returned by the second query. I didn't find anything else exploitable in the front end, so let's look at the back end.

First the back-end authentication check, admin_check.asp:

<%
if session("f_admin")="" then
    response.Redirect("login.asp")
    response.End()
end if
%>

An obvious flaw, though of little exploitation value.
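For comparison, here is a hardened version of the getpass.asp "rsend" branch. This is an added example and not the program's own code; it assumes, as the original does, an open ADODB.Connection in conn, a md5(text, 16) helper, and a table f_user with the columns u_name, u_email and u_pass. The messages are English renderings of the originals and the Fail helper is mine.

```asp
<%
' Hardened "rsend" branch of getpass.asp (added example, not the original program).
' Assumed from the original: conn (open ADODB.Connection), md5(s, 16), table f_user.
Const adCmdText    = 1
Const adVarChar    = 200
Const adParamInput = 1

' Report a validation failure and stop. The original omitted Response.End,
' so after the alert execution simply fell through into the SQL.
Sub Fail(msg)
    Response.Write "<script>alert('" & msg & "');history.back();</script>"
    Response.End
End Sub

If Request.QueryString("action") = "rsend" Then
    Dim uname, uemail, upass1, upass2
    ' Read only the POST body; the original's Request("x") also accepted the query string.
    uname  = Trim(Request.Form("uname"))
    uemail = Trim(Request.Form("uemail"))
    upass1 = Request.Form("upass1")
    upass2 = Request.Form("upass2")

    If uname = "" Or uemail = "" Then Fail "Please enter your login name and registered e-mail address"
    If upass1 = "" Or upass2 = "" Then Fail "Please enter the password and its confirmation"
    If upass1 <> upass2 Then Fail "The two passwords do not match"

    ' One parameterised UPDATE replaces both SELECTs and the recordset update:
    ' user input is bound as data and never becomes part of the SQL text, and the
    ' affected-row count tells us whether the name/e-mail pair existed.
    Dim cmd, affected
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = "UPDATE f_user SET u_pass = ? WHERE u_name = ? AND u_email = ?"
    cmd.Parameters.Append cmd.CreateParameter("pass",  adVarChar, adParamInput, 32,  md5(Trim(upass1), 16))
    cmd.Parameters.Append cmd.CreateParameter("name",  adVarChar, adParamInput, 255, uname)
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 255, uemail)
    cmd.Execute affected
    Set cmd = Nothing

    If affected = 0 Then
        Fail "No such account, or the e-mail address is wrong"
    Else
        Response.Write "<script>alert('Password changed, click OK');location.href='login.asp'</script>"
    End If
End If
%>
```

The md5(…, 16) call is kept only to stay compatible with the rest of the program's password storage; a salted password hash would be the better choice, but that is a separate change from closing the injection.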