_ID parameters not filtered

Comment edit: commedit.asp, line 137
comm_ID=Request.Form("comm_ID") ==> comm_ID=cint(Request.Form("comm_ID"))

Web favorites: colledit.asp, line 103
col_ID=Request.Form("col_ID") ==> col_ID=cint(Request.Form("col_ID"))

Download edit: downledit.asp, line 134
downl_ID=Request.Form("downl_ID") ==> downl_ID=cint(Request.Form("downl_ID"))

Privilege escalation via the gender field: member.asp, line 43
Conn.ExeCute("update blog_Member SET mem_Sex="&CheckStr(Request.Form("mem_Sex"))&",mem_Email='"&CheckStr(Request.Form("mem_Email"))&"',mem_hideEmail="&hideEmail&",mem_HomePage='"&CheckStr(Request.Form("mem_HomePage"))&"',mem_Intro='"&CheckStr(Request.Form("mem_Intro"))&"'"&SQL_Add&" where mem_ID="&mem_ID&"")
CheckStr(Request.Form("mem_Sex")) ==> cint(CheckStr(Request.Form("mem_Sex")))
This site has already been fixed... THANKS: loveshell.net
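
Why the member.asp change matters, as an added example in Python with sqlite3 (not the blog's own code): mem_Sex is concatenated into the UPDATE without quotes, so a filter that only escapes quotes passes a quote-free value through unchanged, while integer coercion rejects it. Assumptions: check_str is a stand-in for CheckStr (its real body is not on the page), mem_Role is a hypothetical column, and the patched path also binds parameters, which goes beyond the page's cint() fix.

```python
import sqlite3


def check_str(value):
    # Assumed stand-in for the page's CheckStr: escapes single quotes only.
    return value.replace("'", "''")


def make_db():
    db = sqlite3.connect(":memory:")
    # mem_Role is a hypothetical column: any field the profile form
    # is not supposed to be able to change.
    db.execute(
        "CREATE TABLE blog_Member (mem_ID INTEGER, mem_Sex INTEGER, mem_Role INTEGER)"
    )
    db.execute("INSERT INTO blog_Member VALUES (1, 0, 0)")
    return db


def update_unpatched(db, mem_id, form_sex):
    # Shape of member.asp line 43 before the fix: numeric context, no quotes.
    sql = ("UPDATE blog_Member SET mem_Sex=" + check_str(form_sex)
           + " WHERE mem_ID=" + str(mem_id))
    db.execute(sql)


def update_patched(db, mem_id, form_sex):
    # Equivalent of wrapping the value in cint(): a non-integer raises
    # ValueError before any SQL runs. The value is then bound, not concatenated.
    db.execute(
        "UPDATE blog_Member SET mem_Sex=? WHERE mem_ID=?",
        (int(form_sex), int(mem_id)),
    )


def member_row(db):
    return db.execute(
        "SELECT mem_Sex, mem_Role FROM blog_Member WHERE mem_ID=1"
    ).fetchone()


# Constructed form value: it contains no quote, so check_str leaves it intact.
CONSTRUCTED_SEX_VALUE = "1, mem_Role=9"
```

The same reasoning applies to comm_ID, col_ID and downl_ID: each is used as a number, so it should be coerced to an integer before it reaches the query.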