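### Brief description:
SQL injection vulnerability in shop7z
### Details:
`getpassword3.asp` (the `username` parameter is concatenated into the query without any filtering):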
```
' Verify the CAPTCHA before processing the form
if session("verifycode")<>request.Form("code") then
response.write "<div align=center><a href=javascript:window.history.back()>请输入正确的验证码,点击这里返回重试</a></div>"
response.end
end if
' username is only trimmed; it is never checked for SQL metacharacters
username=trim(request.Form("username"))
password_Answer=trim(request.Form("password_Answer"))
mail=trim(request.Form("mail"))
' Blacklist filter applied to password_Answer
if InStr(password_Answer,"'")>0 or InStr(password_Answer,"--")>0 or InStr(password_Answer,"(")>0 or InStr(password_Answer,";")>0 then
response.write "密码提示答案不合法。"
response.end
END IF
' Blacklist filter applied to mail
if InStr(mail,"'")>0 or InStr(mail,"(")>0 or InStr(mail,";")>0 then
response.write "mail不合法。"
response.end
END IF
' Injection: username is concatenated into the statement unfiltered
sql="select password from x_huiyuan where username='"&username&"' and password_Answer='"&password_Answer&"' and email='"&mail&"' "
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1
```
Test:
192.168.236.131/getpassword3.asp
POST body:
username=1111'&password_Answer=111&mail=ddd@qq.com
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201311/051920057232ec3fe3324814f57f37e0724a6f26.png" alt="QQ截图20131103142126.png" width="600">](https://images.seebug.org/upload/201311/051920057232ec3fe3324814f57f37e0724a6f26.png)
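
One way to close the injection in `getpassword3.asp`, as an added example that is not shop7z's own code: the same lookup issued through an `ADODB.Command` with bound parameters, so all three form fields are passed as data rather than spliced into the statement. The function name `LookupPassword`, the 100-character limit and the error message are assumptions; `conn` is the connection object the original page already uses.

```vbscript
' Added example, not shop7z code. Assumes conn is the open ADODB.Connection
' that getpassword3.asp already uses; MAX_FIELD_LEN is an assumed column width.
' Omit the three ADO constants if adovbs.inc is already included.
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adVarWChar = 202     ' ADO DataTypeEnum
Const MAX_FIELD_LEN = 100

' Returns a recordset for the matching member, or Nothing if an input is oversized.
Function LookupPassword(conn, username, passwordAnswer, mail)
    Dim cmd, names, values, i
    Set LookupPassword = Nothing
    names = Array("username", "password_Answer", "email")
    values = Array(username, passwordAnswer, mail)

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The statement text is constant; the "?" markers are bound in order below.
    cmd.CommandText = "select password from x_huiyuan " & _
                      "where username=? and password_Answer=? and email=?"

    For i = 0 To UBound(values)
        ' Reject oversized input instead of letting ADO raise a runtime error.
        If Len(values(i)) > MAX_FIELD_LEN Then Exit Function
        cmd.Parameters.Append cmd.CreateParameter(names(i), adVarWChar, _
            adParamInput, MAX_FIELD_LEN, values(i))
    Next

    Set LookupPassword = cmd.Execute()
End Function

' Replaces the string-built sql and rs.open lines in the original page.
Set rs = LookupPassword(conn, username, password_Answer, mail)
If rs Is Nothing Then
    response.write "Invalid input."
    response.end
End If
```

With the values bound this way, the character blacklists on `password_Answer` and `mail` are no longer what stands between the form and the query.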