华速网游交易平台SQL注入

SQL注入一:漏洞文件：/help.asp这里id参数过滤不严存在sql注入的，但是conn.asp中包含了：!--include file="conn.asp"-- !--include file="inc/config.asp"-- % if trimrequest"id" "" then set rs=conn.execute"select from help where id ="trimrequest"id"" order by paixu asc" if not rs.eof then title=rs"helptitle" content=rs"helpcontent" e...