帖子主题: [求助]一个注入漏洞的修补

下面的是这个完整的文件，用阿D能扫出管理的帐号密码。本人不懂，请问这漏洞怎么修补。

<!--#include file=inc/conn.asp-->
<script language="JavaScript">
function closewindow()
{
  window.close();
}
</script>
<link href="inc/style.css" rel="stylesheet" type="text/css">
    <%
    dim id,rs,sql
    id=trim(request("id"))
    if id="" then
    call list()
response.end
end if
    set rs=server.createobject("adodb.recordset")
    sql="select * from [gonggao] where id="&cstr(id)
    rs.open sql,conn,1,1
    if rs.eof and rs.bof then
response.write "没有新闻"
response.end
    end if
    function HTMLEncode(fString)
    fString = replace(fString, ">", ">")
    fString = replace(fString, "<", "<")
    fString = Replace(fString, CHR(13), "")
    fString = Replace(fString, CHR(10) & CHR(10), "</P><P>")
    fString = Replace(fString, CHR(10), "<BR>")
    HTMLEncode = fString
    end function
    %>
    <title><%=rs("biaoti")%>-网-</title>
<body topmargin="3">
<div align="center">
  <center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#FF9933" width="521" height="162">
  <tr>
    <td width="519" height="162">
    <div align="center">
      <center>
    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="99%">
      <tr>
        <td width="33%">
        <p align="right">
        <a target="_blank" href="index.asp">
        <img border="0" src="image/ad_top_468.gif" align="center"></a></td>
        <td width="67%" colspan="2">

      </tr>
      <tr>
        <td width="100%" colspan="3">
        <p align="center"><span style="font-size: 11pt; font-weight: 700"><%=rs("biaoti")%></span></td>
      </tr>
      <tr>
        <td width="50%" height="18" align=right>
        <font color="#C0C0C0" size="2"><%=rs("data")%></font></td>
      </tr>
      <tr>
        <td width="100%" colspan="3"><font size="2">  <%=HTMLEncode(rs("neirong"))%></font></td>
      </tr>
    </table>
      </center>
    </div>
    </td>
  </tr>
</table>
  </center>
</div>
<%
rs.close
set rs=nothing
conn.close
set conn=nothing
%>
<%sub list()
dim k
set rs=server.createobject("adodb.recordset")
sql="select * from [gonggao] order by id desc"
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write "没有新闻"
response.end
end if
k=0
%>
<div align="center">
  <center>
<table border="1" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#FF9933" width="521" height="13">
  <tr>
    <td width="521" height="13">
    <div align="center">
      <center>
    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="99%">
      <tr>
        <td width="2%">　</td>
        <td width="6%" height="20">
        <p align="center"><font size="2">编号</font></td>
        <td width="64%" height="20"><font size="2">标题</font></td>
        <td width="28%" height="20"><font size="2">发布时间</font></td>
      </tr>
      <%do while not rs.eof%><span style="font-size: 9pt">
      <tr>
        <td width="2%">　</td>
        <td width="6%" height="20"> </span>
        <p align="center">
        <font size="2"><%=k+1%></font></td>
        <td width="64%" height="20"><a href="javascript:win=open('gonggao.asp?id=<%=rs("id")%>','offer','width=560,height=450,status=no,menubar=yes,scrollbars=yes,top=0,left=0'); win.focus()">
        <font size="2"><%=rs("biaoti")%></font></a></td>
        <td width="28%" height="20"><font size="2" color="#C0C0C0"><%=rs("data")%></font></td>
      </tr>
      <%
      rs.movenext
      k=k+1
      loop
      %>
    </table>
      </center>
    </div>
    </td>
  </tr>
</table>
  </center>
</div>
<%end sub%>

大哥  id根本没有过滤 你说能不能扫出来
汗

看看!!!

我只是简单的看了看，很明显
<%
    dim id,rs,sql
    id=trim(request("id"))
    if id="" then
    call list()
response.end的id没有被过滤就被赋值trim了。我还没有仔细看。

int(id)

我就是不懂才问的啊，先感谢有这多人回复。
有谁可以告诉我具体的改法吗？

多谢了。加个这句就行了。
在别的论坛发这贴没人回，黑防就是不一样。