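I want to solve a problem in my father's company system. The system has a button that works only in Internet Explorer and not in other browsers, so it is impossible to work in the system using an iPad or other operating systems... They bought this system from a company called Linx, and I guess the system's code is too dangerous, handling queries on the client side (JavaScript).
If you know why this only works in Internet Explorer, that would be great!
Thanks for the advice...
Note: I just copied the button's HTML and the button's JavaScript function and pasted them here. The button only works in Internet Explorer.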
```html
<script>
function Query_onclick() {
    xwhere = "";
    xflag = 1;
    if (xmodelos != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Modelagem = '" + xmodelos + "'";
    }
    if (xmateriais != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Material = '" + xmateriais + "'";
    }
    if (xgrupos != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Grupo_produto = '" + xgrupos + "'";
    }
    if (xsubgrupos != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Subgrupo_produto = '" + xsubgrupos + "'";
    }
    if (xcategorias != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " p.cod_categoria in (select cod_categoria from produtos_categoria where CATEGORIA_PRODUTO ='" + xcategorias + "')";
    }
    if (xsubcategorias != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " p.cod_subcategoria in (select cod_subcategoria from produtos_subcategoria where SUBCATEGORIA_PRODUTO ='" + xsubcategorias + "')";
    }
    if (xfabricante != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Fabricante = '" + xfabricante + "'";
    }
    if (xlinhas != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Linha = '" + xlinhas + "'";
    }
    if (xcomposicao != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " composicao = '" + xcomposicao + "'";
    }
    if (xcolecoes != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Colecao = '" + xcolecoes + "'";
    }
    if (xgriffes != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Griffe = '" + xgriffes + "'";
    }
    if (xtipos != ""){
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " Tipo_produto = '" + xtipos + "'";
    }
    if (produto.value != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " produto like '" + Urlencode("%" + produto.value + "%") + "'";
    }
    if (descricao.value != "") {
        if (xwhere != "") {
            xwhere = xwhere + " and ";
        }
        xwhere = xwhere + " desc_produto like '" + urlencode(descricao.value) + "'";
    }
    if (xwhere != ""){
        if (Foto.checked == 1) {
            xfoto = "&xfoto=" + Foto.checked;
        }
        else {
            xfoto = "&xfoto=false";
        }
        parent.frames.Principal.location = "../pages/cat_prods.asp?xwhere=" + xwhere + xfoto;
    }
    else{
        if (Foto.checked == 1) {
            xfoto = "?xfoto=" + Foto.checked;
        }
        else {
            xfoto = "?xfoto=false";
        }
        parent.frames.Principal.location = "../pages/cat_prods.asp"+ xfoto;
    }
}
</script>
<input type="Image" src="image.png" name="Query" value=" Pesquisar " onclick="Query_onclick()">
```
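Sorry, I don't have an answer for you, but I just have to comment: this may be the worst security hole I have ever seen! It is fit for a ***TheDailyWTF.com*** entry! This should be used as the **"worst case scenario"** when teaching SQL injection to novice programmers. – 2012-01-16 13:24:33
Your question seems to contradict itself. First you say the button only works in IE, then you ask why this doesn't work in IE. Can you clarify which it is? From there, maybe check whether there is a JS error on the right side of the status bar. If you are testing in Chrome, you should be able to press CTRL + SHIFT + I and see whether the console shows any errors. – 2012-01-16 13:25:33
I don't know, [it all depends on context](http://thedailywtf.com/Articles/Oklahoma-Leaks-Tens-of-Thousands-of-Social-Security-Numbers,-Other-Sensitive-Data.aspx). It could be worse... – 2012-01-16 13:26:05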
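
The SQL injection risk raised in the comments comes from the browser assembling the `xwhere` SQL text and the server trusting it. The sketch below is an added example, not code from the original post or from the vendor: the client sends only filter values, and the server maps allow-listed parameter names to fixed SQL fragments with bound parameters. The column names come from the question's code; the parameter names, function names and the use of JavaScript for the server side are assumptions made for illustration.

```javascript
// Server-side allow-list: request parameter name -> fixed SQL fragment.
// Column names are from the question's code; parameter names are hypothetical.
const FILTERS = {
  modelo:     "Modelagem = ?",
  material:   "Material = ?",
  grupo:      "Grupo_produto = ?",
  fabricante: "Fabricante = ?",
  categoria:  "p.cod_categoria IN (SELECT cod_categoria FROM produtos_categoria WHERE CATEGORIA_PRODUTO = ?)",
  produto:    "produto LIKE ?",
};

// Client side: send only the filter values, never SQL text.
// URLSearchParams handles the URL encoding in every modern browser.
function buildSearchUrl(base, values, withPhoto) {
  const qs = new URLSearchParams();
  for (const [name, value] of Object.entries(values)) {
    if (value !== "") qs.set(name, value);
  }
  qs.set("xfoto", withPhoto ? "true" : "false");
  return base + "?" + qs.toString();
}

// Server side: build a parameterized WHERE clause from the received query string.
// Parameter names outside the allow-list (including a raw "xwhere") are ignored,
// and user input only ever travels in the bound-parameter array.
function buildWhere(queryString) {
  const clauses = [];
  const params = [];
  for (const [name, value] of new URLSearchParams(queryString)) {
    const known = Object.prototype.hasOwnProperty.call(FILTERS, name);
    if (!known || value === "") continue;
    clauses.push(FILTERS[name]);
    params.push(name === "produto" ? "%" + value + "%" : value);
  }
  return { where: clauses.join(" AND "), params };
}

// Constructed sample input: a value containing quote characters stays data.
const sampleUrl = buildSearchUrl(
  "../pages/cat_prods.asp",
  { modelo: "X' OR '1'='1", material: "", produto: "abc" },
  true
);
const sampleQuery = buildWhere(sampleUrl.split("?")[1]);
```

The resulting `where` string and `params` array are what a server would hand to its database driver's prepared-statement call.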