前段时间在开游戏支付平台,开始拿到代码的时候看了一下,没找到注入漏洞(newsid 先用 cint 强制转成整数,然后才拼进 SQL 语句),就索性以为很安全。代码如下:
<!--#include file="inc/conn.asp"-->
<%
' News detail page prologue: validates the newsid query parameter, loads the
' matching H_news row, and either redirects to the row's link or falls through
' to the HTML that follows.
'
' Error trapping is switched off here and nothing in this block switches it
' back on, so every later statement on the page also runs with runtime errors
' suppressed.
on error resume next
' s, pathstr and i are declared but not used in the part of the page shown here.
dim s,newsid,pathstr,i
' cint() is the only input validation on this page. A value that is not numeric,
' or that does not fit a VBScript Integer, raises a runtime error and leaves
' newsid unassigned; the err check below (err evaluates to the error number)
' turns that into the "invalid parameter" alert and stops the response.
newsid=cint(request.QueryString("newsid"))
if err>0 then
response.write "<script language='JavaScript'>{window.alert('非法参数调用!');window.location='index.asp';}</script>"
response.end
end if
' NewsID is the same variable as newsid (VBScript names are case-insensitive).
' NOTE(review): the alert text below looks garbled ('该c'); presumably it was
' meant to read like the "news not found" message further down.
if NewsID<0 then
response.write "<script language='JavaScript'>{window.alert('对不起,该c没有找到!');window.location='index.asp';}</script>"
response.end
end if
' ConnectionDatabase and GrateRs are not defined in this listing; presumably
' they come from inc/conn.asp. The meaning of the second argument (3) is not
' visible here.
call ConnectionDatabase
' The query is built by string concatenation. newsid is an integer at this
' point, so no SQL text can ride along with it; that guarantee rests entirely
' on the cint() call and the err check staying ahead of this line.
Set Rs=GrateRs("select * from H_news where newsid="&newsid,3)
if Rs.eof then
response.write "<script language='JavaScript'>{window.alert('对不起,该新闻没有找到!');window.location='index.asp';}</script>"
response.end
end if
' Rows flagged islink=1 are not rendered; the visitor is sent to the stored link.
' NOTE(review): the redirect target is taken from the row as-is, with no scheme
' or host check. Confirm that only trusted staff can edit H_news.link.
if Rs("islink")=1 then
response.redirect Rs("link")
response.end
end if
%>
<HTML>
<HEAD>
<TITLE><%=SiteName%> - 联盟动态 - <%=Rs("topic")%></TITLE>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<LINK href="inc/css.css" type=text/css rel=stylesheet>
</HEAD>
<BODY>
<br>
<table width="507" height="500" border="0" align="center" cellpadding="0" cellspacing="0">
<tr align="left">
<td height="30" colspan="4">
<font size="3" color="#FF6600"><center><b><%=Rs("topic")%></b></center></font></td>
</tr>
<tr align="center" valign="top">
<td height="22" colspan="4" bgcolor="#FFFFFF"> 发表时间:<%=Rs("time")%>
<%
' Prints the article source only when the "from" field is not an empty string.
' The field value is concatenated into the output as-is, without
' Server.HTMLEncode, the same way topic and time are written elsewhere on the page.
' NOTE(review): confirm these fields can only be set by trusted staff, or encode them.
if Rs("from")<>"" then response.write("文章来源:"&Rs("from"))
%></td>
</tr>
<tr bgcolor="#D1C8C1">
<td height="1" colspan="4"></td>
</tr>
<tr bgcolor="#FFFFFF">
<td height="24" colspan="3" valign="top"> </td>
</tr>
<tr bgcolor="#FFFFFF">
<td width="1%" valign="top"> </td>
<td width="98%" style="font-size:13px;line-height:22px;" valign="top">信息来源:零下游戏支付平台 <a href="http://www.0xpay.com">www.0xpay.com</a><br>客服QQ:918224<br><%
' Post-process the stored article body before output. Every occurrence of the
' exact text <IMG src=" (Replace is case-sensitive by default) gets a centered
' <div> opened in front of it and two inline handlers added: onmousewheel calls
' bbimg(this), which is not defined in this part of the page, and onload narrows
' the image to screen.width-500 and, for images taller than 350, sets the width
' to width*350/height.
content=replace(Rs("content"),"<IMG src=""","<div align=""center""><IMG onmousewheel=""return bbimg(this)"" onload=""javascript:if(this.width>screen.width-500)this.style.width=screen.width-500;if(this.height>350)this.style.width=(this.width*350)/this.height;"" src=""")
' Append </div> after every occurrence of the text " border=0> so the wrapper
' opened above gets closed.
' NOTE(review): an <IMG> tag that does not end in exactly that text leaves its
' <div> open.
content=replace(content,""" border=0>",""" border=0></div>")
' The body is written as raw HTML; there is no Server.HTMLEncode or tag
' filtering at this point.
' NOTE(review): whoever can write H_news.content can place script on this page,
' so confirm that the admin-side editor restricts and sanitizes what is stored.
response.write content
%><br><script language='javascript'>
// Puts "<page title>\r\n<page URL>\r\n" on the clipboard through
// window.clipboardData and then shows a confirmation alert.
// NOTE(review): window.clipboardData is a non-standard, IE-era object, and the
// success alert is shown without checking the result of setData(). Confirm
// which browsers this page has to support.
function copyToClipBoard() {
    var lineBreak = '\r\n';
    var shareText = document.title + lineBreak + document.location + lineBreak;
    window.clipboardData.setData("Text", shareText);
    alert("恭喜您!复制成功");
}
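// Writes a text box holding the page URL plus a "copy" button into the document.
// The URL is chosen by whoever builds the link, and document.write() parses its
// argument as HTML, so the URL is escaped for a double-quoted attribute before
// it is written. The browser decodes the entities again, so the text box shows
// the same URL as before. The function wrapper keeps pageUrl out of global scope.
(function () {
    var pageUrl = String(document.location)
        .replace(/&/g, "&amp;")
        .replace(/"/g, "&quot;")
        .replace(/'/g, "&#39;")
        .replace(/</g, "&lt;")
        .replace(/>/g, "&gt;");
    // NOTE(review): the first <input> carries style declarations without a
    // style=' opener, so they are presumably parsed as stray attributes rather
    // than styling. The markup is kept exactly as the author wrote it.
    document.write("<input size=\"50\" border-style: dotted; border-width: 1px; background-color: #000000' value=\"" + pageUrl + "\"><input type=\"button\" style='border-style: solid; border-width: 1px' value=\"点击复制\" title=\"点击将本文网址复制到剪贴板\" onclick=\"copyToClipBoard()\"> 与您的QQ/MSN好友分享! ");
})();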