聊天室的原代码（ASP.NET有漏洞！）

登陆页面：LOGIN.ASPX

<html>
<head>
<script language="javascript">
<!--
function setfocus(element)
{element.focus()}
-->
</script>
</head>
<body text="red" bgcolor="black">
<form action="verify.aspx" method="post">
<p align="center">
请输入登陆名：<input type="text" name="txtname" />
</p>
<p align="center">
请输入登陆密码：<input type="password" name="password" />
</p>
<p align="center">
<input type="submit" value="登陆" />
<input type="reset" value="清除" />
</p>
</form>
</body>
</html>

获取信息页面：VERIFY.ASPX

 

<html>
<head>
</head>
<body>
<%
if request.form("txtname")="" or request.form("password")="" then
response.redirect("login.aspx")
else
dim username,password as string
username=request.form("txtname")
password=request.form("password")
session("username")=username
session("password")=password
response.redirect("main.aspx")
end if
%>
</body>
</html>

框架页：ＭＡＩＮ.ASPX

<html>
<head>
</head>
<frameset rows=*,131 cols=*>
<frame name="display" src="display.aspx" scrolling="auto" />
<frame name="input" src="sponse.aspx" scrolling="auto" />
</frameset>
</html>

发言页面：SPONSE.ASPX

<html>
<head>
<script language="javascript">
<!--
function setfocus(element) ’没学习过JAVA不明白什么意思
{element.focus()}
-->
</script>
</head>
<body text="red" bgcolor="black" οnlοad="setfocus(document.frmsponse.txtmessage)">
<form id="frmsponse" name="frmsponse" action="sponse.aspx" method="post">
<p>
我要发言：
<input id="txtmessage" style="LEFT: 11px; WIDTH: 497px; TOP: 54px; HEIGHT: 22px" size="65" name="txtmessage" />
</p>
<p>
<input id="btnsubmit" type="submit" value="发送" name="btusubmit" />
<input type="reset" value="清除" />
</p>
</form>
<%
if request.form("txtmessage")<>"" then
application.lock
if application("talkid")>=10 then
dim i as integer
for i=0 to 8
application("talkcontent")(i)=application("talkcontent")(i+1)
next
application("talkid")-=1
end if

dim strusername,strcontent,arrtemptalk() as string
dim id as integer
strusername=session("username")
strcontent=server.htmlencode(request.form("txtmessage"))
arrtemptalk=application("talkcontent")
id=application("talkid")

arrtemptalk(id)=strusername+"在"
arrtemptalk(id)+="<font color=lavender>"+cstr(timeofday())
arrtemptalk(id)+="</font>说到:"+"<font color=white>"
arrtemptalk(id)+=strcontent+"</font>"
id+=1
application("talkid")=id
application("talkcontent")=arrtemptalk
application.unlock
end if
%>
</body>
</html>
显示发言页：DISPLAY.ASPX

<html>
<head>
<meta http-equiv="refresh" content="2;url=display.aspx" /> ‘有没有更好更隐蔽的刷新方法呢？
</head>
<body text="red" bgcolor="black">
<p>
目前在线人数：<%=application("usercount")%> ‘此处运行是不能正确显示在线人数
</p>
<hr />
<%
dim arrtemptalk() as string
dim id as integer
arrtemptalk=application("talkcontent")
for id=0 to application("talkid")-1
response.write("<p>")
response.write(arrtemptalk(id))
response.write("</p>")
next
%>
</body>
</html>

GLOBAL.ASAX文件：

 <script language=vb runat=server>
sub application_onstart()
dim temptalk(10) as string
application("talkcontent")=temptalk
application("talkid")=0
application("usercount")=0
end sub
sub seeeion_onstart()
session.timeout=30
application("usercount")+=1
end sub
sub session_onend
application("usercount")-=1
end sub
</script>