伪造asp sql注入点的完整文件

    [晴 November 19, 2007 09:48 | by ]
数据库服务器 10.0.5.195
帐户 sa
密码 accountbase
数据库名 gameaccount_server

<%
strSQLServerName = "10.0.5.195" '服务器名称或地址
strSQLDBUserName = "sa" '数据库帐号
strSQLDBPassword = "accountbase" '数据库密码
strSQLDBName = "gameaccount_server" '数据库名称
Set conn = Server.CreateObject("ADODB.Connection")
strCon = "Provider=SQLOLEDB.1;Persist Security Info=False;Server=" &amp; strSQLServerName &amp; ";User ID=" &amp; strSQLDBUserName &amp; ";Password=" &amp; strSQLDBPassword &amp; ";Database=" &amp; strSQLDBName &amp; ";"
conn.open strCon
dim rs,strSQL,id
set rs=server.createobject("ADODB.recordset")
id = request("id")
strSQL = "select * from ACTLIST where worldid=" &amp; id
rs.open strSQL,conn,1,3
rs.close
%>


From:网络
Tags: , ,
Technology | Comments(0) | Trackbacks(0) | Reads(7582)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive