company.asp中却是 request.querystring("id") 也就是说 不能使用 post
以及cookie注入 但是防注却用的枫叶防注 嘿嘿 地球人都知道 把变量id的i编码
%69 直接绕过 另外 search.asp中
<%
if trim(request.QueryString("Search"))="" then
if trim(request.Form("Area"))="" then
Search="None"
else
Search=trim(request.Form("Area"))
end if
else
Search=trim(request.QueryString("Search"))
end if
KeyWord=trim(request.Form("KeyWord"))
select case Search
case "None"
response.write "<script language=javascript> alert('您没有选择检索范围,点击返回!');history.back(-1);</script>"
response.end
case "Pro"
Locality="检索产品 >> 关键字:"&KeyWord
SQL = "SELECT id,LName,LAddtime FROM Products where LName like '%"&KeyWord&"%' or LKeyWord like '%"&KeyWord&"%' and LPutout=true ORDER BY id DESC"
case "News"
Locality="检索新闻 >> 关键字:"&KeyWord
SQL= "SELECT id,NewTitle,AddTime FROM News where NewTitle like '%"&KeyWord&"%' and Putout=true ORDER BY id DESC"
case "zx"
Locality="检索资讯 >> 关键字:"&KeyWord
SQL= "SELECT id,FileName,AddTime FROM zx where FileName like '%"&KeyWord&"%' and Putout=true ORDER BY id DESC"
case "tc"
Locality="检索套餐 >> 关键字:"&KeyWord
SQL= "SELECT id,Title,AddTime FROM tc where Title like '%"&KeyWord&"%' and Putout=true ORDER BY id DESC"
case "Feedback"
Locality="检索留言 >> 关键字:"&KeyWord
SQL= "SELECT * FROM Feedback where Title like '%"&KeyWord&"%' and Outpub=true ORDER BY id DESC"
case "down"
Locality="检索下载 >> 关键字:"&KeyWord
SQL= "SELECT id,FileName,AddTime FROM down where FileName like '%"&KeyWord&"%' and Putout=true ORDER BY id DESC"
end select
'===========================
%>
