6.6 6.7ע©

[6.6 6.7ע© ȫ]Դhttp://hi.baidu.com/darkhackers/blog/item/59fa36ed5863bef6b2fb95e9.html
[!] :seraph
[!]QQ :81413170
[!] ;
[!]汾 :6.6,6.7
[!]©ļ :PayOnline/AutoRecieve1.asp
[!]© :δˣɲע©
[!]Σ̶ :
************************************************************************
ֱӲ鿴http://localhost/PayOnline/AutoRecieve1.aspȷϰ汾
鿴֡Ϊ׵İȫ,벻ҪʹϵͳĬϵMD5ԿΪעҰ汾Ϊ6.8

֧ʧܣ Ϊ..

Ĵ룺
AutoRecieve1.asp

' Payment-gateway callback handler (excerpt from AutoRecieve1.asp).
' Reads the callback fields from the request, recomputes an MD5 signature over
' some of them, and on a match marks the order as paid through UpdateOrder.
' Field meanings below are inferred from the parameter names - confirm against
' the gateway's documentation.
' NOTE(review): Request("name") with no collection named is resolved against
' QueryString, Form, Cookies, ClientCertificate and ServerVariables in turn, so
' every v_* value here is client-controlled and must be treated as untrusted.
v_mid = AccountsID    ' merchant id; AccountsID is defined elsewhere and v_mid is not used in the lines shown
v_oid = Trim(Request("v_oid"))    ' order/payment number; passed to UpdateOrder as PaymentNum and used in its SQL
v_md5 = Trim(Request("v_md5str"))    ' signature supplied by the caller
v_amount = Trim(Request("v_amount"))    ' payment amount (string, not validated as a number here)
v_pstatus = Trim(Request("v_pstatus"))    ' payment status code
v_moneytype = Trim(Request("v_moneytype")) ' currency type
v_pmode = Trim(Request("v_pmode"))    ' payment mode; passed to UpdateOrder as Remark
v_pstring = Trim(Request("v_pstring"))    ' payment result text; passed to UpdateOrder as eBankInfo

' Expected signature: MD5 over four request fields followed by PayOnlineKey.
' NOTE(review): PayOnlineKey is the only input to this hash that does not come
' from the request, so the check authenticates the callback only while that key
' is secret and site-specific. A key left at a shipped default, or disclosed,
' lets any client produce a matching v_md5str.
md5string = MD5(v_oid & v_pstatus & v_amount & v_moneytype & PayOnlineKey, 32)
      
' Case-insensitive signature comparison; "20" is presumably the gateway's
' "payment succeeded" status - TODO confirm.
If UCase(v_md5) = UCase(md5string) And v_pstatus = "20" Then
Response.Write "ok"
' NOTE(review): v_oid reaches UpdateOrder without any format check here. The
' signature test above is not input validation; constrain v_oid to the expected
' order-number format (length and character set) before it is used.
Call UpdateOrder(v_oid, v_amount, v_pstring, v_pmode, 3, True, True)
Else
Response.Write "error"
End If

UpdateOrder.asp

' UpdateOrder (excerpt from UpdateOrder.asp): looks up the PE_Payment row whose
' PaymentNum matches the first argument. Only the lookup and the "not found"
' branch are shown on this page; the rest of the Sub is omitted.
'
' Parameters:
'   PaymentNum, amount, eBankInfo, Remark - passed ByVal; in the callback
'       handler shown on this page they carry request-supplied values.
'   Status, UpdateDeliverStatus, UpdateOrderStatus - no ByVal keyword, so they
'       use VBScript's default ByRef passing. Their use is not visible here.
Sub UpdateOrder(ByVal PaymentNum, ByVal amount, ByVal eBankInfo, ByVal Remark, Status, UpdateDeliverStatus, UpdateOrderStatus)
Dim PaymentID, OrderFormID, MoneyReceipt, MoneyPayout, eBankID
Dim sqlPayment, rsPayment
Dim DoUpdate

' ReplaceBadChar is defined elsewhere and what it strips is not shown here.
' NOTE(review): this page reports the query below as injectable, so do not rely
' on this filter as the only defence.
PaymentNum = ReplaceBadChar(PaymentNum)
' NOTE(review): the SQL text is built by string concatenation around
' PaymentNum. Prefer an ADODB.Command with a bound parameter for PaymentNum so
' the value can never change the statement's structure.
sqlPayment = "select * from PE_Payment where PaymentNum=''''" & PaymentNum & "''''"
Set rsPayment = Server.CreateObject("Adodb.RecordSet")
' CursorType 1 (adOpenKeyset) and LockType 3 (adLockOptimistic): the recordset
' is opened updatable on the shared connection Conn (defined elsewhere).
rsPayment.Open sqlPayment, Conn, 1, 3
' BOF and EOF both true means the query returned no rows.
If rsPayment.BOF And rsPayment.EOF Then
       ' FoundErr and IsMessageShow are not declared in this Sub; presumably page-level flags.
       FoundErr = True
       If IsMessageShow = True Then
      Response.Write "Ҳָ֧"
       End If
Else
' (remainder of the Sub is not shown on this page)


ģӣѣ
sqlPayment = "select * from PE_Payment where PaymentNum=''''" & PaymentNum & "''''"
PaymentNum is taken from v_oid in AutoRecieve1.asp:
v_oid = Trim(Request("v_oid"))    ''''֧
v_oidûоκι˽ˣӣѣ䵱Уγע
עҪһ

md5string = MD5(v_oid & v_pstatus & v_amount & v_moneytype & PayOnlineKey, 32)
      
If UCase(v_md5) = UCase(md5string) And v_pstatus = "20" Then
Ҫһͣģֵƥ
ģͣģֵûԼģֻҪԼ½乹һmd5Ϳͨ


עʱ
Ҳָ֧
Ϊ
֧
Ϊȷ