shopxp html版2.0 CSRF漏洞

!--include file="xp.asp"-- % dim adminid,action action=request.QueryString"action" adminid=request.QueryString"id" if adminid="" then adminid=request"adminid" select case action case "save" set rs=server.CreateObject"adodb.recordset" rs.Open "select from shopxpadmin where adminid="&adminid,conn,1...