
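Everyone, take a look at this code: was the intrusion actually successful? Two technicians are arguing until red in the face. How should this be resolved?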

2012-04-22 
事件类型:警告
事件来源:ASP.NET 2.0.50727.0
事件种类:Web 事件 
事件 ID:1309
日期:2012-4-1
事件:11:11:19
用户:N/A
计算机:S014102248050
描述:
事件代码: 3005 
事件消息: 发生了未处理的异常。 
事件时间: 2012-4-1 11:11:19 
事件时间(UTC): 2012-4-1 3:11:19 
事件 ID: b2f9f9b039e847a58259954c244dd5fe 
事件序列: 50944 
事件匹配项: 1229 
事件详细信息代码: 0 
 
应用程序信息: 
  应用程序域: /LM/W3SVC/273175319/Root-1-129776664163281250 
  信任级别: Full 
  应用程序虚拟路径: / 
  应用程序路径: F:\inetpub\林新照\wwwroot\ 
  计算机名: S014102248050 
 
进程信息: 
  进程 ID: 3280 
  进程名: w3wp.exe 
  帐户名: S014102248050\iwam_38 
 
异常信息: 
  异常类型: SessionException 
  异常消息: Get List errorselect top 1 news_Title,news_AddTime,news_Count,News_Id,news_Content from Dcms_news where news_State='1' and news_Id=38 and user>0-- order by news_Id Desc  
 
请求信息: 
  请求 URL: http://www.china-hello.com/Aspx/CN/news_detail.aspx?CateID=14&NewsID=38%20and%20user>0-- 


  请求路径: %21 
  用户主机地址: %22 
  用户: %23 
  是否已经过身份验证: %24 
  身份验证类型: %25 
  线程帐户名: %26 
 
线程信息: 
  线程 ID: %27 
  线程帐户名: %28 
  是否正在模拟: %29 
  堆栈跟踪: %30 
 
自定义事件详细信息: 
%14

有关更多信息,请参阅在 http://go.microsoft.com/fwlink/events.asp 的帮助和支持中心。


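[Solution]
Since an exception was thrown, the statement probably was not executed.
Can't you just check directly whether the password has been changed to "96e79218965eb72c92a549dd5a330112"?

There is an injection vulnerability. It probably did not succeed.
[Solution]
Geez, of course it needs to be handled: filter Request.QueryString and Request.Form, and pass values as @ parameters at the point where the SQL is executed.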
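
Added example (not part of the original thread, and not the site's own code): the string-concatenation pattern implied by the logged exception message, next to a type-checked, parameterized form of the same query. The table and column names come from the logged SQL; the class name, method names and connection string argument are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class NewsRepository   // hypothetical class name
{
    // Pattern implied by the logged exception: the raw NewsID query-string value
    // is concatenated into the statement, so any text after "38" becomes SQL.
    public static string BuildUnsafeSql(string rawNewsId)
    {
        return "select top 1 news_Title,news_AddTime,news_Count,News_Id,news_Content " +
               "from Dcms_news where news_State='1' and news_Id=" + rawNewsId +
               " order by news_Id Desc";
    }

    // Hardened form: validate the type first, then bind the value as a parameter
    // so it can never change the shape of the statement.
    public static DataTable GetNews(string connectionString, string rawNewsId)
    {
        int newsId;
        if (!int.TryParse(rawNewsId, out newsId) || newsId <= 0)
        {
            // Reject before any SQL is built; the caller should map this to a
            // generic error page without echoing the input or the statement.
            throw new ArgumentException("NewsID must be a positive integer.");
        }

        const string sql =
            "select top 1 news_Title,news_AddTime,news_Count,News_Id,news_Content " +
            "from Dcms_news where news_State='1' and news_Id=@NewsId " +
            "order by news_Id Desc";

        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Typed parameter: the driver sends the value separately from the text.
            cmd.Parameters.Add("@NewsId", SqlDbType.Int).Value = newsId;

            DataTable table = new DataTable();
            using (SqlDataAdapter adapter = new SqlDataAdapter(cmd))
            {
                adapter.Fill(table);   // Fill opens and closes the connection itself
            }
            return table;
        }
    }
}
```

With this version, a NewsID value like the one in the logged request fails `int.TryParse` and never reaches the database.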
