漏洞文件:AjaxServer.asp 变量:log_files 语句:log_files=Replace(log_files," ","") If Left(log_files,1)="," Then log_files=Right(log_files,Len(log_files)-1) rs("logpics") = log_files '附加文件处理 If log_files <>"" Then oblog.Execute "Update oblog_upfile Set logid=" & tid & " Where fileid In (" & log_files & ")" End if 'Tag处理