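I want to solve a problem in my father's enterprise system. The system has a button that only works in Internet Explorer; it does not work in other browsers, so it is impossible to use the system on an iPad or on other operating systems... They bought this system from a company called Linx, and I guess the system's code is too dangerous, handling the query on the client side (JavaScript).
If you know why this only works in Internet Explorer, that would be great!
Thanks for any advice...
Note: I just copied the button's HTML and the button's JavaScript function and pasted them here. The button only works in Internet Explorer.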
```html
<script>
function Query_onclick() {
    xwhere = "";
    xflag = 1;
    if (xmodelos != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Modelagem = '" + xmodelos + "'";
    }
    if (xmateriais != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Material = '" + xmateriais + "'";
    }
    if (xgrupos != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Grupo_produto = '" + xgrupos + "'";
    }
    if (xsubgrupos != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Subgrupo_produto = '" + xsubgrupos + "'";
    }
    if (xcategorias != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " p.cod_categoria in (select cod_categoria from produtos_categoria where CATEGORIA_PRODUTO ='" + xcategorias + "')";
    }
    if (xsubcategorias != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " p.cod_subcategoria in (select cod_subcategoria from produtos_subcategoria where SUBCATEGORIA_PRODUTO ='" + xsubcategorias + "')";
    }
    if (xfabricante != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Fabricante = '" + xfabricante + "'";
    }
    if (xlinhas != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Linha = '" + xlinhas + "'";
    }
    if (xcomposicao != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " composicao = '" + xcomposicao + "'";
    }
    if (xcolecoes != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Colecao = '" + xcolecoes + "'";
    }
    if (xgriffes != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Griffe = '" + xgriffes + "'";
    }
    if (xtipos != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Tipo_produto = '" + xtipos + "'";
    }
    if (produto.value != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " produto like '" + Urlencode("%" + produto.value + "%") + "'";
    }
    if (descricao.value != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " desc_produto like '" + urlencode(descricao.value) + "'";
    }
    if (xwhere != "") {
        if (Foto.checked == 1) {
            xfoto = "&xfoto=" + Foto.checked;
        }
        else {
            xfoto = "&xfoto=false";
        }
        parent.frames.Principal.location = "../pages/cat_prods.asp?xwhere=" + xwhere + xfoto;
    }
    else {
        if (Foto.checked == 1) {
            xfoto = "?xfoto=" + Foto.checked;
        }
        else {
            xfoto = "?xfoto=false";
        }
        parent.frames.Principal.location = "../pages/cat_prods.asp" + xfoto;
    }
}
</script>
<input type="Image" src="image.png" name="Query" value=" Pesquisar " onclick="Query_onclick()">
```
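Sorry, I don't have an answer for you, but I just have to comment: this is probably the worst security hole I have ever seen! It's fit for a ***TheDailyWTF.com*** entry! This should be used as the **"worst case"** when teaching SQL injection to novice programmers. – 2012-01-16 13:24:33

Your question seems to contradict itself. First you say the button only works in IE, then you ask why it doesn't work in IE. Can you clarify which it is? From there, maybe check whether there is a JS error shown in the status bar at the right side of the screen. If you are testing in Chrome, you should be able to press CTRL + SHIFT + I and see whether the console shows any errors. – 2012-01-16 13:25:33

I don't know, [it all depends on context](http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx). It could be worse... – 2012-01-16 13:26:05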
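
The SQL injection concern raised in the comments comes from the page assembling the SQL `WHERE` clause in the browser and sending it as `xwhere`. A safer shape, as an added example that is not part of the original post or the vendor's code: the client sends only filter values, and the server maps allowlisted names to fixed clauses with placeholders. The parameter names, the `?` placeholder style and the server-side function are assumptions; column names come from the posted `Query_onclick()`.

```javascript
// Added example, not the vendor's code. Parameter names are hypothetical.

// Client side: send only filter values; URLSearchParams percent-encodes them.
function buildCatalogUrl(filters, withPhoto) {
  const params = new URLSearchParams();
  for (const [name, value] of Object.entries(filters)) {
    if (value !== "") params.append(name, value);
  }
  params.append("xfoto", withPhoto ? "true" : "false");
  return "../pages/cat_prods.asp?" + params.toString();
}

// Server side (hypothetical handler logic): a fixed allowlist maps each
// accepted parameter to a SQL fragment written by the developer, never the user.
const FILTERS = {
  modelos: "Modelagem = ?",
  materiais: "Material = ?",
  grupos: "Grupo_produto = ?",
  fabricante: "Fabricante = ?",
  categorias: "p.cod_categoria in (select cod_categoria from produtos_categoria where CATEGORIA_PRODUTO = ?)",
  produto: "produto like ? escape '\\'",
};

function buildWhere(queryString) {
  const clauses = [];
  const values = [];
  for (const [name, value] of new URLSearchParams(queryString)) {
    // hasOwnProperty avoids matching inherited keys such as "constructor".
    if (!Object.prototype.hasOwnProperty.call(FILTERS, name) || value === "") continue;
    clauses.push(FILTERS[name]);
    // LIKE filter: wildcards are added here; user-supplied % and _ are escaped.
    values.push(name === "produto"
      ? "%" + value.replace(/[\\%_]/g, "\\$&") + "%"
      : value);
  }
  // sql goes to a prepared statement; values are bound, never concatenated.
  return { sql: clauses.join(" and "), values };
}
```

The returned `sql` contains only developer-written text, so a quote or SQL keyword in a filter value reaches the database as data bound to a placeholder.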