13/11/2007, 13:49
|
 | | | Fecha de Ingreso: diciembre-2003 Ubicación: Venezuela
Mensajes: 879
Antigüedad: 21 años, 11 meses Puntos: 6 | |
| Re: Ataque a mi sitio web
Cita:
Iniciado por u_goldman  No, a lo que me referia es al codigo que llama a esa rutina Oops...disculpa..
Código:
<%
on error resume next
dim mySQL, conntemp, rstemp
if request.ServerVariables("HTTP_REFERER") <> "http://www.diloconflores.com/store/comersus_customerregistrationform.asp" then request.redirect("comersus_supporterror.asp?error=Detectado")
' form parameters
pcustomerName = replace(request.form("customerName"),"'"," ")
pcustomerlast_name = replace(request.form("customerlast_Name"),"'"," ")
pcustomer_fecha_nac = request.form("txtDia")&"/"&request.Form("cboMes")&"/"&request.Form("txtAno")
pcustomer_sexo = request.Form("optSexo")
pemail = request.form("email")
'ppassword = enDeCrypt(request.form("password"), pEncryptionPassword)
ppassword = replace(request.form("password"),"'"," ")
pphone = request.form("phone")
pcity = replace(request.form("city"),"'"," ")
pzip = replace(request.form("zip"),"'"," ")
pcountry = request.form("country")
pstate = replace(request.form("state"),"'"," ")
paddress = replace(request.form("address"),"'"," ")
pIp = request.ServerVariables("REMOTE_HOST")
pIp = request.ServerVariables("HTTP_REFERER")
fecha_reg = date()
call openDb()
' check if email exists
mySQL="SELECT idcustomer FROM customers WHERE email='" &pEmail&"'"
set rstemp=conntemp.execute(mySQL)
if err.number <> 0 then
response.redirect "comersus_supporterror.asp?error="& Server.Urlencode("Error 1 in customerregistrationexec: "&Err.Description)
end If
if not rstemp.eof then
response.redirect "comersus_message.asp?message=11" ' no existe el email en la base de datos
end if
' inserta los datos del cliente OJO...ES AQUI DONDE SUPONÍA QUE OCURRÍA EL ERROR DE VALINTINO GUXXI, PERO POR LO QUE HE PODIDO VER, SOLO ESTÁ EJECUTANDO DIRECTAMENTE EL comersus_supporterror.asp?error='ERROR'
mySQL="InSeRt INTO customers (name, last_name, fecha_nac, sexo, email, city, country, phone, address, zip, password, state , ip, fecha_reg,customerType) VALUES ('" &pcustomerName& "','" &pcustomerlast_Name& "','" &pcustomer_fecha_nac& "','"&pcustomer_sexo& "','" &pemail& "','" &pcity& "', '" &pcountry& "','" &pphone& "','" &paddress& "','" &pzip& "','" &ppassword& "','" &pstate& "','" &pip& "','"&fecha_reg&"',0)"
set rstemp=conntemp.execute(mySQL)
if err.number <> 0 then
response.redirect "comersus_supporterror.asp?error="& Server.Urlencode(mysql&Err.Description&request.ServerVariables("HTTP_REFERER"))
end If
|