WooYun.org

if session("verifycode")<>request.Form("code") then
response.write "<br><br><div align=center><a href=javascript:window.history.back()>请输入正确的验证码，点击这里返回重试</a></div>"
response.end
end if
username=trim(request.Form("username"))
password_Answer=trim(request.Form("password_Answer"))
mail=trim(request.Form("mail"))
if InStr(password_Answer,"'")>0 or InStr(password_Answer,"--")>0 or InStr(password_Answer,"(")>0 or InStr(password_Answer,";")>0 then
	response.write "密码提示答案不合法。"
	response.end
END IF
if InStr(mail,"'")>0 or InStr(mail,"(")>0 or InStr(mail,";")>0 then
	response.write "mail不合法。"
	response.end
END IF
sql="select password from x_huiyuan where username='"&username&"' and password_Answer='"&password_Answer&"' and email='"&mail&"' "//注入
set rs=server.createobject("adodb.recordset")
rs.open sql,conn,1,1