OBLOG4.0 OBLOG4.5通杀 -电脑资料

OBLOG4.0 OBLOG4.5通杀 -电脑资料

来源：Deepen Study

漏洞文件：js.asp

<%

Dim oblog

set blog=new class_sys

oblog.autoupdate=False

oblog.start

dim js_blogurl,n

js_blogurl=Trim(oblog.CacheConfig(3))

n=CInt(Request(”n”))

if n=0 then n=1

select case CInt(Request(”j”))

case 1

call tongji()

case 2

call topuser()

case 3

call adduser()

case 4

call listclass()

case 5

call showusertype()

case 6

call listbestblog()

case 7

call showlogin()

case 8

call showplace()

case 9

call showphoto()

case 10

call showblogstars()

Case 11

Call show_hotblog()

Case 12

Call show_teams()

Case 13

Call show_posts()

Case 14

Call show_hottag()

case 0

call showlog()

end select

****************省略部分代码******************

Sub show_posts()

Dim teamid,postnum,l,u,t

teamid=Request(”tid”)

postnum=n

l=CInt(Request(”l”))

u=CInt(Request(”u”))

t=CInt(Request(”t”))

Dim rs,sql,sRet,sAddon

Sql=”select Top ” & postnum & ” teamid,postid,topic,addtime,author,userid From oblog_teampost Where idepth=0 and isdel=0 ”

If teamid<>“” And teamid<>“0″ Then

teamid=Replace(teamid,”|”,”,”)

Sql=Sql & ” And teamid In (” & teamid & “) ”

End If

Sql=Sql & ” Order by postid Desc”

Set rs=oblog.Execute(Sql)

sRet=”

”

Do While Not rs.Eof

sAddon=”"

* sRet=sRet & “ ” & oblog.Filt_html(Left(rs(2),l)) & “”

If u=1 Then sAddon=rs(4)

if t=1 Then

If sAddon<>“” Then sAddon=sAddon & “,”

sAddon=sAddon & rs(3)

End If

If sAddon<>“” Then sAddon=”(” & sAddon & “)”

sRet=sRet & sAddon & “

”

rs.Movenext

Loop

Set rs = Nothing

sRet=sRet & “

”

Response.write oblog.htm2js (sRet,True)

End Sub