<!--#include file="xp.asp"-->
<%
dim adminid,action
action=request.QueryString("action")
adminid=request.QueryString("id")
if adminid="" then adminid=request("adminid")
select case action
case "save"
set rs=server.CreateObject("adodb.recordset")
rs.Open "select * from [shopxp_admin] where adminid="&adminid,conn,1,3
………………………………
rs.Update
rs.Close
set rs=nothing
response.Write "<script language=javascript>alert('操作成功!');history.go(-1);</script>"
case "del"
conn.execute "delete from [shopxp_admin] where adminid in ("&adminid&") "
'response.Redirect "manageuser.asp"
response.Redirect request.servervariables("http_referer")
end select
%>
调用的xp.asp:
<!--#include file="database_name.asp" -->
<%
dim conn,connstr,db
startime=timer()
db="../shopxp/"&dataname&"" '数据库
on error resume next '尝试连数据库,一直到超时,但可以加强SQL注入过滤
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
'connstr="DBQ="+server.mappath(""&db&"")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn=server.createobject("ADODB.CONNECTION")
conn.open connstr
%>
嘿嘿,也是未做过滤和验证的,那么就产生了个直接添加管理员的漏洞。
shopxp html版2.0/1.0
官方暂无相关补丁
请关注官方更新http://www.010net.cn/
京公网安备 11010502034610号
暂无评论