Tack!
Vet att jag kanske borde byta bort de gamla asp-filerna till något nytt, men tänkte fixa detta säkerhetshål tillsvidare.
Är det bara att lägga till strid inför alla databasfrågor i de andra asp-filerna till samma script eller hur skulle följande fil i samma script valideras?
t.ex.
<%
Set db = Server.CreateObject("ADODB.Connection")
db.Open "Driver={MySQL ODBC 5.1 Driver};" & "Server=mysql443.loopia.se;" & "Port=3306;" & "Option=131072;" & "Stmt=;" & "Database=dagligen_se;" & "Uid=anvandare;" & "Pwd=mittpass"
SQL = "SELECT Count(*) AS rakna From links WHERE visa='ja' AND datum<='" & date()-1 & "'"
Set rs = db.Execute(SQL)
rakna = RS.Fields(0)
rs.Close
db.Close
%>
<td bgcolor=#FFFFFF width=568 valign=top>
<center>
<table width="548" cellspacing=0 cellpadding=0>
<tr>
<td valign=top>
<br>
Här hittar du alla länkar som visas just nu på Dagligen.nu.<br>
Just nu finns det <%=rakna%> länkar.
<br>
<a class="kat" href="alla.asp?lista=alla">Alla</a> | <a class="kat" href="alla.asp?lista=film">Filmer</a> | <a class="kat" href="alla.asp?lista=bild">Bilder</a> | <a class="kat" href="alla.asp?lista=hemsida">Hemsidor</a> | <a class="kat" href="alla.asp?lista=spel">Spel</a> | <a class="kat" href="alla.asp?lista=ljud">Ljud</a>
<br>
</td>
</tr>
</table>
<%
Dim Con
Set Con = Server.CreateObject("ADODB.Connection")
Con.Open "Driver={MySQL ODBC 5.1 Driver};" & "Server=mysql443.loopia.se;" & "Port=3306;" & "Option=131072;" & "Stmt=;" & "Database=dagligen_se;" & "Uid=minanvandare;" & "Pwd=mittpass"
%>
<%
Const perSida = 50
Dim sida
If Request.QueryString("sida") = "" then
sida = 1
Else
sida = Request.QueryString("sida")
End If
Dim RecSet
Set RecSet= Server.CreateObject("ADODB.Recordset")
RecSet.CursorLocation = adUseClient
RecSet.CacheSize = perSida
%>
<%
visning = Request.QueryString("lista")
If Request.QueryString("lista") = "alla" then
SQLSats = "select * from links WHERE visa='ja' AND datum<='" & date()-0 & "' ORDER BY datum DESC"
else
SQLSats = "select * from links WHERE visa='ja' AND datum<='" & date()-0 & "' AND typ='" & visning & "' ORDER BY datum DESC"
end if
RecSet.Open SQLSats, Con
If RecSet.EOF Then
Response.Write"<i>Inga länkar hittades!</i>"
Else
RecSet.MoveFirst
RecSet.PageSize = perSida
Dim TotalPages
TotalPages = RecSet.PageCount
RecSet.AbsolutePage = sida
Dim count
%>
<table width="540" border=0 cellspacing="0" cellpadding=0>
<%
Count = 0
Do While Not RecSet.EOF And Count < RecSet.PageSize
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "Driver={MySQL ODBC 5.1 Driver};" & "Server=mysql443.loopia.se;" & "Port=3306;" & "Option=131072;" & "Stmt=;" & "Database=dagligen_se;" & "Uid=minanvandare;" & "Pwd=mittpass"
If farve=1 Then
bg="#FFFFFF"
Farve= Farve + 1
Else
bg="#F1F1F1"
farve=1
End If
%>
<tr bgcolor="<%=bg%>">
<td height="18" valign="top" align="left" width="80">
<%=RecSet("datum")%>
</td>
<td height="18" valign="top" align="left" width="18">
<img src="gfx/<%=RecSet("typ")%>.gif">
</td>
<td height="18" valign="top" width="230">
<a class="kat" href="links.asp?ID=<%=RecSet("ID")%>" target="_blank"><%
strText=RecSet("navn")
If Len(strText) > 30 Then
Response.Write(Left(strText,30) & "..")
Else
Response.Write(strText)
End If
%>
</a></b><br>
</td>
<td width="100">
<%
idr=RecSet("ID")
Set db = Server.CreateObject("ADODB.Connection")
db.Open "Driver={MySQL ODBC 5.1 Driver};" & "Server=mysql443.loopia.se;" & "Port=3306;" & "Option=131072;" & "Stmt=;" & "Database=dagligen_se;" & "Uid=mittlosen;" & "Pwd=mittpass"
SQL = "SELECT Count(*) AS kommentarer From kommentarer WHERE idx='" & idr & "' AND visa='ja'"
Set rs = db.Execute(SQL)
kommentarer = RS.Fields(0)
rs.Close
db.Close
%>
<a class="green" href="kommentera.asp?ID=<%=RecSet("ID")%>">Komment era</a> <a class="green" href="kommentera.asp?ID=<%=RecSet("ID")%>">(<%=kom mentarer%>)</a>
</td>
</tr>
<%
Count = Count + 1
RecSet.MoveNext
Loop
RecSet.Close
Set RecSet = Nothing
%>
<br>
<tr>
<td colspan="4">
<%
If TotalPages <> "1" Then
Dim Pages
For Pages = 1 To TotalPages
%>
<b><a href="alla.asp?lista=<%=visning%>&sida=<%=Pages%>" ><%=Pages%></a> <%Next%> </b>
<%end if%>
</td>
</tr>
</table>
<%end if%>
Eller någon som kan tänka sig att titta på hela scriptet (ca 10 asp-filer) och validera dem i utbyte mot en länk från någon relevant sida?