2020-02-16 标签:oblog,任意,文件,下载,漏洞,path,trim,request,获取,用户,提交,路径,fileid,response,write,参数,不足,end

Path = Trim(Request("path")) '获取用户提交的路径FileID = Trim(Request("FileID"))If FileID ="" And Path = "" ThenResponse.Write "参数不足"Response.EndEnd If...If Ch

2020-02-16 标签:oblog,sql,语句,实现,代码,如下,exists,select,dbo,sysobjects,id,object,n,ob,calendar,isprocedure

实现代码如下：if exists (select * from dbo.sysobjects where id = object_id(N'[dbo].[ob_calendar]') and OBJECTPROPERTY(id, N'IsProcedure') = 1)drop procedure

2020-02-16 标签:oblog,漏洞,利用,分析,来源,deepen,study,文件,js,asp,dim,set,n,ew,class,sys,autoupdate

来源：Deepen Study 漏洞文件：js.asp “” And teamid<>“0″ Then teamid=Replace(teamid,”|”,”,”) Sql=Sql gid=1跟pid=2里的1,2就是了 直接替换里面的1,2为username,password htt