Форум АНТИЧАТ - XSS Attack IIS 5.0&Win2000&NetScape

Привет всем !
Вот ломаю сайт магазина..
Вырыл инфу думаю очень полезную..но сам прикол я не очень знаком с БД и SQL .. думаю поможете до
конца атаку провести..
========================================

<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<%
Response.ExpiresAbsolute = now()-2
Response.Addheader "pragma","no-cache"
Response.Addheader "cache-control","private"
Response.Cachecontrol="no-cache"
%>

<%
Dim Recordset1
Dim Recordset1_numRows
if Request.QueryString("EMAIL") > "" then
Set Recordset1 = Server.CreateObject("ADODB.Recordset")
Recordset1.ActiveConnection = MM_ORADB_STRING
Recordset1.Source = "SELECT PROGRESSIVO, PASSWD FROM BRAINCS.SOGGETTI WHERE EMAIL='"&Request.QueryString("EMAIL")&"'"
Recordset1.CursorType = 0
Recordset1.CursorLocation = 2
Recordset1.LockType = 3
Recordset1.Open()
Recordset1_numRows = 0
End if
%>
<%
' *** Recordset Stats, Move To Record, and Go To Record: declare stats variables
' set the record count
Recordset1_total = Recordset1.RecordCount
' set the number of rows displayed on this page
If (Recordset1_numRows < 0) Then
Recordset1_numRows = Recordset1_total
Elseif (Recordset1_numRows = 0) Then
Recordset1_numRows = 1
End If
' set the first and last displayed record
Recordset1_first = 1
Recordset1_last = Recordset1_first + Recordset1_numRows - 1
' if we have the correct record count, check the other stats
If (Recordset1_total <> -1) Then
If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total
If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total
If (Recordset1_numRows > Recordset1_total) Then Recordset1_numRows = Recordset1_total
End If
%>
<%
' *** Recordset Stats: if we don't know the record count, manually count them
If (Recordset1_total = -1) Then
' count the total records by iterating through the recordset
Recordset1_total=0
While (Not Recordset1.EOF)
Recordset1_total = Recordset1_total + 1
Recordset1.MoveNext
Wend
' reset the cursor to the beginning
If (Recordset1.CursorType > 0) Then
Recordset1.MoveFirst
Else
Recordset1.Requery
End If
' set the number of rows displayed on this page
If (Recordset1_numRows < 0 Or Recordset1_numRows > Recordset1_total) Then
Recordset1_numRows = Recordset1_total
End If
' set the first and last displayed record
Recordset1_first = 1
Recordset1_last = Recordset1_first + Recordset1_numRows - 1
If (Recordset1_first > Recordset1_total) Then Recordset1_first = Recordset1_total
If (Recordset1_last > Recordset1_total) Then Recordset1_last = Recordset1_total
End If
%>
<html>
<head>
<title>Ricerca password</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<%if(Recordset1_total)=1 then
if Request.QueryString("REGISTRAZIONE")=1 then
HTML = HTML&"Ecco i tuoi dati per accedere a www.SAMPLE.it:<br>"
else
HTML = HTML&"Cerca password su www.SAMPLE.it<br>"
end if
HTML = HTML&"<br>Utente: "&(Recordset1.Fields.Item("PROGRESSIVO").Value )
HTML = HTML&"<br>Password: "&(Recordset1.Fields.Item("PASSWD").Value)
if Request.QueryString("REGISTRAZIONE")=1 then
ogg = "Registrazione su www.SAMPLE.it"
red = "../../generic_home.htm?SID="&request.QueryString("SID")& Request.Form("SID")&"&ID=251"
else
ogg = "Cerca Password su www.SAMPLE.it"
red = "../../generic_home.htm?SID="&request.QueryString("SID")& Request.Form("SID")&"&ID=225"
End if
Dim objMail
Set objMail = CreateObject("CDONTS.NewMail")
objMail.From = "sales@SAMPLE.it"
objMail.To = Request.QueryString("EMAIL")
objMail.Bcc = "sales@SAMPLE.it, web.notify@playnet.it"
objMail.Subject = ogg
objMail.BodyFormat = 0
objMail.MailFormat = 0
objMail.Body = HTML
objMail.Send
response.redirect(red)
else
if (Recordset1_total)=0 AND Request.QueryString("REGISTRAZIONE")=1 then
%>
<script language="JavaScript">
document.location="../../generic_home.htm?SID=<%=request.QueryString("SID") &Request.Form("SID")%>&ID=284"
</script>
<%
end if
if(Recordset1_total)=0 AND Request.QueryString("REGISTRAZIONE")<>1 then
%>
<script language="JavaScript">
document.location="../../generic_home.htm?SID=<%=request.QueryString("SID") &Request.Form("SID")%>&ID=226"
</script>
<%
End if
if(Recordset1_total)>1 then
%>
<script language="JavaScript">
document.location="../../generic_home.htm?SID=<%=request.QueryString("SID") &Request.Form("SID")%>&ID=283"
</script>
<%
End if
End if
%>
<br>
</body>
</html>
<%
Recordset1.Close()
%>

=======================================

помогите кто разбираеться..