切换风格

Wizard Sky California Sunset glow Black Cloud Beige Dragon Lavender NewYear City Snow Flowers London
收藏本站XSS平台字符串转换jsfuck
258 Windows 2003 IIS& MSSQL 测试环境构造[复制链接]
发表于 2012-9-12 00:01:34 | 显示全部楼层 |!read_mode!
GET

数据库: 打开SQL Server Management Studio Express 连接 选择 新建查询N

输入:

  1. CREATE DATABASE pen
复制代码
然后点击 执行X刷新 点击 数据库 PEN 点击右键 新建查询Q 输入以下代码 执行
  1. create table products
  2. (
  3. id int identity(1,1) not null,
  4. prodName varchar(50) not null,
  5. )

  6. insert into products(prodName) values('1')
  7. insert into products(prodName) values('2')
  8. insert into products(prodName) values('3')
复制代码
ASP代码:  保存到:C:\Inetpub\wwwroot\get.asp
  1. <%
  2. dim prodId
  3. prodId = Request.QueryString("id")

  4. set conn = server.createObject("ADODB.Connection")
  5. set rs = server.createObject("ADODB.Recordset")

  6. query = "select prodName from products where id = " & prodId

  7. conn.Open "Provider=SQLOLEDB; Data Source=(local); Initial Catalog=pen; User Id=sa; Password=123456"
  8. rs.activeConnection = conn
  9. rs.open query
  10. if not rs.eof then
  11. response.write "Got product " & rs.fields("prodName").value
  12. else
  13. response.write "No product found"
  14. end if
  15. %>
复制代码
访问:http://ip/get.asp?id=1POST点击数据库PEN右键 新建查询:
  1. create table users
  2. (
  3. userId int identity(1,1) not null,
  4. userName varchar(50) not null,
  5. userPass varchar(20) not null
  6. )
  7. insert into users(userName, userPass) values('admin', '123456')
复制代码
ASP代码 保存为post.asp到C:\Inetpub\wwwroot
  1. <%
  2. dim userName, password, query
  3. dim conn, rS

  4. userName = Request.Form("userName")
  5. password = Request.Form("password")

  6. set conn = server.createObject("ADODB.Connection")
  7. set rs = server.createObject("ADODB.Recordset")
  8. query = "select count(*) from users where userName='" & userName & "' and userPass='" & password & "'"

  9. conn.Open "Provider=SQLOLEDB; Data Source=(local); Initial Catalog=pen; User Id=sa; Password=123456"
  10. rs.activeConnection = conn
  11. rs.open query

  12. if not rs.eof then
  13. response.write "Logged In"
  14. else
  15. response.write "Bad Credentials"
  16. end if
  17. %>
复制代码
提交HTM,保存为index.htm到C:\Inetpub\wwwroot
  1. <form name="frmLogin" action="post.asp" method="post">
  2. Username: <input type="text" name="userName">
  3. Password: <input type="text" name="password"><input type="submit"></form>
  4. <a href="../get.asp?id=1">get</a>
复制代码



操千曲而后晓声,观千剑而后识器。

代码区

GMT+8, 2020-9-29 22:57

Powered by Discuz! X2

© 2001-2018 Comsenz Inc.

回顶部