asp or ©¶´

 Â©¶´ÃèÊö:
ÔÚlogin.aspÖУ¬½ÓÊÕÓû§ÊäÈëµÄUseridºÍPasswordÊý¾Ý£¬²¢·Ö±ð¸³Öµ¸øuserºÍpwd£¬È»ºóÔÙÓÃsql="select * from admin where username="&user&" and password="&pwd&"" Õâ¾äÀ´¶ÔÓû§ÃûºÍÃÜÂë¼ÓÒÔÑéÖ¤¡£ 
ÒÔ³£ÀíÀ´¿¼ÂǵĻ°£¬ÕâÊǸöºÜÍêÕûµÄ³ÌÐòÁË¡£¶øÔÚʵ¼ÊµÄʹÓùý³ÌÖУ¬ÕûÌ׳ÌÐòÒ²µÄÈ·¿ÉÄÜÕý³£Ê¹Óᣠ
  
µ«ÊÇÈç¹ûUseridµÄÖµºÍpasswordµÄÖµ±»¸³ÓÚ£ºsafer’ or’1’=’1’ Õâʱ£¬sql="select * from admin where username="&user&" and password="&pwd&"" ¾Í³ÉÁË£º 
  
sql="select * from reg where user=safer’ or’1’=’1’ and pass=safer’ or’1’=’1’   
ÔõôÑù£¿£¡ÎÒ²»Ëµ´ó¼ÒÒ²Ã÷°×ÁË°É£¡ 
  
¼ÈÈ»ÓÐÕâÑùµÄÎÊÌ⣬½ÓÏÂÀ´ÎÒÃǾÍÀ´¿´¿´ÈçºÎ½â¾öËü¡£´ÓÉÏÃæµÄ³ÌÐòÖи÷λҲ¿ÉÒÔ¿´³ö£¬Ö»Òª¶ÔÓû§ÊäÈëµÄÊý¾Ý½øÐÐÑϸñ¹ýÂ˾ͿÉÒÔÁË¡£¾ßÌå¿ÉÒÔ²ÎÏÂÃæµÄ³ÌÐò£º 
Quote
  ¡´% 
  user=request.from("UserID") 
  pass=request.from("password") 
  for i=1 to len(UserID) 
  cl=mid(UserID,i,1) 
  if cl="" or us="%" or us="¡´" or us="¡µ" then 
  response.redirect "54safer ..haha" 
  response.end 
  end if 
  next 
  %¡µ 
ͬÑùÊÇÏÈÈ¡µÃÓû§ÊäÈëÊý¾Ý£¬È»ºó·ÖÎöÓû§ÊäÈëµÄÿһ¸ö×Ö·û£¬Èç·¢ÏÖÒì³££¬Ôòתµ½´íÎóÒ³Ãæ¡£ 
if cl="" or us="%" or us="¡´" or us="¡µ" then ÕâÒ»¾äÖпÉÒÔ¼ÓÈëÈÎÒâµÄ¹ýÂË×Ö·û£¬¸ú¾Ý¾ßÌåÇé¿ö¶ø¶¨¡£ 
********************************************************************
©¶´ÐÞ²¹:
username=replace(trim(request("username")),"’","")
password=replace(trim(Request("password")),"’","")
°Ñ“’”¸ø¹ýÂËÁË
Èç¹ûÄãÏëÓÓ’”µ±×öÃÜÂë ¾ÍÓÃÏÂÃæµÄ·½·¨
1¡¢select * from user where user=’ " & User & "’ " 
2¡¢Èç¹û·µ»Ø²»Îª¼Ù£¬ÔòÈ¡ÃÜÂë 
pass=rs("passwd") 
3¡¢Åжϣºif pass=password 
4¡¢µÃ³ö½áÂÛ¡£ 
Àý×Ó:
Qu