新手请教'or'='or' 网站漏洞修补
大家好,我是新手。我新做了一个网站,后台有 'or'='or' 漏洞,我在网上找的方法修补不了,请大家帮我修补一下,谢谢了!源代码我贴上来了:
<!--#include file="../Conn.asp" -->
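<%
' Admin login page, server-side setup. Loads the site settings that the markup
' below prints (webName, webUrl) and sets the cache header for the response.
'
' NOTE(review): the query below is a fixed string with no user input, so it is not
' where an 'or'='or' login bypass comes from. That bypass is SQL injection in the
' code that checks the submitted user name and password. This page only renders
' the form; the form posts to admin_check.asp, which is not shown here, and that
' is the file whose login query has to be parameterised.
sql = "select * from config"
Set rs = Server.CreateObject("ADODB.RecordSet")
' conn is presumably created by the included ../Conn.asp (not visible here).
' Cursor type 1 = adOpenKeyset, lock type 1 = adLockReadOnly. This page only reads
' from the recordset, so it is opened read-only instead of with an optimistic
' (updatable) lock on a page that is served before authentication.
rs.Open sql, conn, 1, 1
' Sets the Cache-Control response header to "no-cache".
Response.CacheControl = "no-cache"
' NOTE(review): GetCode is declared here but never assigned in the visible code;
' the form later compares it with 9999. Confirm whether Conn.asp sets it.
Dim GetCode
%>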
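<html lang="zh-CN">
<head>
<%
' webName is read from the config table and printed into the page title.
' It is HTML-encoded so that markup characters stored in that column are shown
' as text instead of being parsed by the browser. The & "" passes a Null field
' to HTMLEncode as an empty string.
%>
<title><%=Server.HTMLEncode(rs("webName") & "")%> - 管理登陆</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link href="images/style.css" type="text/css" rel="stylesheet">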
<SCRIPT language=javascript>
<!--//
function SetFocus()
{
  // Put the cursor in the user-name box when the page loads: an empty box just
  // gets focus, a box that already holds text has that text selected so it can
  // be typed over.
  var nameBox = document.myform.adminname;
  if (nameBox.value != "") {
    nameBox.select();
  } else {
    nameBox.focus();
  }
}
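function CheckForm()
{
  // Submit handler for the login form (wired up through the form's onSubmit).
  // Returns false to cancel the submit when a field is empty, true otherwise.
  //
  // These checks only stop empty fields from being sent. They run in the
  // browser and can be skipped entirely, so they are a convenience for the
  // user and not a defence against input such as 'or'='or'. Validation and
  // parameterised queries belong in the server-side handler named in the
  // form's action.
  var form = document.myform;
  if (form.adminname.value == "")
  {
    alert("请输入您的用户名!");
    form.adminname.focus();
    return false;
  }
  if (form.adminpwd.value == "")
  {
    alert("请输入您的密码!");
    form.adminpwd.focus();
    return false;
  }
  if (form.admincode.value == "")
  {
    // The original showed the password prompt here; this field is the
    // verification code, so the message now says so.
    alert("请输入验证码!");
    form.admincode.focus();
    return false;
  }
  return true;
}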
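<%
' The site name from the config table is written into a JavaScript string
' literal below. In that position a quote, backslash, line break or "<" in the
' stored value would end the string or the script element early, so the value is
' escaped for a JavaScript string first (backslash is handled before the others
' so the escapes added afterwards are not doubled).
Dim jsWebName
jsWebName = rs("webName") & ""
jsWebName = Replace(jsWebName, "\", "\\")
jsWebName = Replace(jsWebName, """", "\""")
jsWebName = Replace(jsWebName, "'", "\'")
jsWebName = Replace(jsWebName, "<", "\x3C")
jsWebName = Replace(jsWebName, ">", "\x3E")
jsWebName = Replace(jsWebName, vbCr, "\r")
jsWebName = Replace(jsWebName, vbLf, "\n")
%>
function CheckBrowser()
{
  // Warns the visitor when the browser is Netscape or an Internet Explorer
  // release older than 6.0, judged from navigator.appName / appVersion.
  // NOTE(review): current browsers report "Netscape" for navigator.appName, so
  // the first branch also fires for them. Confirm the warning is still wanted.
  var siteName = "<%=jsWebName%>";
  var app = navigator.appName;
  var verStr = navigator.appVersion;
  if (app.indexOf('Netscape') != -1) {
    alert(siteName + "提示:\n 你使用的是Netscape浏览器,可能会导致无法使用后台的部分功能。建议您使用 IE6.0 或以上版本。");
  }
  else if (app.indexOf('Microsoft') != -1) {
    if (verStr.indexOf("MSIE 3.0") != -1 || verStr.indexOf("MSIE 4.0") != -1 || verStr.indexOf("MSIE 5.0") != -1 || verStr.indexOf("MSIE 5.1") != -1)
      alert(siteName + "提示:\n 您的浏览器版本太低,可能会导致无法使用后台的部分功能。建议您使用 IE6.0 或以上版本。");
  }
}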
//-->
</SCRIPT>
<meta name="GENERATOR" content="MSHTML 6.00.2900.3314">
<style>
/* Push the login box down from the top edge of the window. */
body { margin-top: 88px; }
</style>
</head>
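<body>
<table style="border-right: 3px outset; border-top: 3px outset; border-left: 3px outset; width: 0px; border-bottom: 3px outset" cellspacing="0" cellpadding="1" align="center" bgcolor="#ffffff" border="0">
<%
' NOTE(review): this form only collects adminname / adminpwd / admincode and posts
' them to admin_check.asp, which is not shown on this page. An 'or'='or' login
' bypass is SQL injection, and it has to be fixed where the login query is built:
' bind the submitted values as parameters (ADODB.Command with CreateParameter)
' instead of concatenating them into the SQL string. Nothing in this form,
' including the CheckForm() script, can close that hole, because the handler can
' receive a request that never passed through this page.
%>
<form name="myform" onsubmit="return CheckForm();" action="admin_check.asp" method="post" target="_top">
<tbody>
<tr>
<td>
<table cellspacing="0" cellpadding="0" width="605" align="center" border="0">
<tbody>
<tr>
<td background="images/admin_login_r1_c1.jpg" colspan="3" height="17"></td></tr>
<tr>
<td valign="top" width="24"><img height="212" src="images/admin_login_r2_c1.jpg" width="23" alt=""></td>
<td valign="top" align="middle" width="494" bgcolor="#ffffff">
<table height="100" cellspacing="0" cellpadding="0" width="100%" border="0"><tbody>
<tr>
<td valign="bottom" align="right" background="images/admin_login_r2_c2.jpg" height="100"></td></tr></tbody></table>
<table cellspacing="6" cellpadding="0" width="100%" align="center" border="0">
<tbody>
<%
' webUrl and webName come from the config table and are printed inside attribute
' values, so they are HTML-encoded to keep a stored quote or angle bracket from
' ending the attribute. Encoding does not check the URL scheme of webUrl;
' validate that value where the config is saved.
%>
<tr>
<td align="center" width="22%" rowspan="5"><a href="<%=Server.HTMLEncode(rs("webUrl") & "")%>" title="<%=Server.HTMLEncode(rs("webName") & "")%>"><img src="../images/logo.gif" border="0" alt="<%=Server.HTMLEncode(rs("webName") & "")%>"></a></td>
<td align="left" width="78%">用户名: <input style="background-color: #eeefff" size="25" name="adminname"></td></tr>
<tr>
<td align="left">密 码: <input style="background-color: #eeefff" type="password" size="25" name="adminpwd"></td></tr>
<%
' NOTE(review): the verification-code box is pre-filled with 9999 when GetCode
' equals 9999. GetCode is declared at the top of this page and not assigned in
' the visible code. This looks like a fixed test code; confirm that
' admin_check.asp does not accept 9999 in place of the real code.
%>
<tr>
<td align="left">验证码: <input name="admincode" type="text" size="8" maxlength="4" value="<%If GetCode=9999 Then Response.Write "9999"%>" style="background-color: #EEEFFF;"> 请在附加码框输入
<img style="cursor: pointer" onclick="this.src='inc/CheckCode.asp'" height="10" alt="验证码,看不清楚?请点击刷新验证码" src="inc/CheckCode.asp"></td></tr>
<tr>
<td align="left">
<input type="hidden" value="Login" name="Action">
<input class="button" type="submit" value="登陆系统" name="Submit">
<input class="button" onclick="window.location.reload()" type="button" value="刷新本页" name="refresh">
<input class="button" onclick="javascript:location.href='../'" type="button" value="返回首页" name="Submit1"></td></tr></tbody>
</table></td>
<td valign="top" width="88"><img height="212" src="images/admin_login_r2_c3.jpg" width="88" alt=""></td></tr>
<tr>
<td align="middle" background="images/admin_login_r4_c1.jpg" colspan="3" height="21"></td></tr>
</tbody></table></td></tr>
</form>
</tbody>
</table>
<%
' Every read of the config recordset happens above this point, so it is closed
' and released here rather than left open until the page ends.
rs.Close
Set rs = Nothing
%>
<script>
// Run the browser warning, then place the cursor in the user-name box.
CheckBrowser();
SetFocus();
</script>
</body>
</html>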
[ 本帖最后由 gitti0 于 2011-7-25 17:44 编辑 ]