[Sql server]应用程序中的高级SQL注入(2)

这是一个提交表单页的代码，让用户输入用户名和密码：

＜HTML>

＜HEAD>

＜TITLE>Login Page＜/TITLE>

＜/HEAD>

＜BODY bgcolor='000000' text='cccccc'>

＜FONT Face='tahoma' color='cccccc'>

＜CENTER>＜H1>Login＜/H1>

＜FORM action='process_loginasp' method=post>

＜TABLE>

＜TR>＜TD>Username：＜/TD>＜TD>＜INPUT type=text name=username size=100 width=100>＜/TD>＜/TR>

＜TR>＜TD>Password：＜/TD>＜TD>＜INPUT type=password name=password size=100 withd=100>＜/TD>＜/TR>

＜/TABLE>

＜INPUT type=submit value='Submit'>＜INPUT type=reset value='Reset'>

＜/FORM>

＜/Font>

＜/BODY>

＜/HTML>

下面是process_login.asp的代码，它是用来控制登陆的：

＜HTML>

＜BODY bgcolor='000000' text='ffffff'>

＜FONT Face='tahoma' color='ffffff'>

＜STYLE>

p { font-size=20pt ! important}

font { font-size=20pt ! important}

h1 { font-size=64pt ! important}

＜/STYLE>

＜%@LANGUAGE = JScript %>

＜%

function trace( str ) {

if( Request.form("debug") == "true" )

Response.write( str );

}

function Login( cn ) {

var username;

var password;

username = Request.form("username");

password = Request.form("password");

var rso = Server.CreateObject("ADODB.Recordset");

var sql = "select * from users where username = '" + username + "' and password = '" + password + "'"; trace( "query: " + sql );