Web????????????????
???????????? ???????[ 2011/10/18 10:27:21 ] ????????
????1. ???????????? ???web server????sql??????????????sql????????????????????????????????sql?????????????delete all??drop database??????????????????????????????!??????л???????internet??????????????????????У??ж???????????????????web????????????????????
????2. ??????????????????web???????IE???server???DB?????y???????????в??????????????script??????????????;app server????????????????????db server??????????Щ????????????????????ο????script????????Щcase???????????????????????????????????????????????script??????????????form?????????????????????????
????3. ??????????????????????ɡ?
????WEB???????????BUG???
????1??SQL INJETION
????2??????????????????????
????3??COOKIES?????
????4?????????????
??????SQL INJETION????????
????????
???????????????????????news.asp???ò?????????????????????
????http://www.xxx.com/news.asp?id=1????????????
????????????
????rs.open "select * from news where id=" &
????cstr(request("id"))??conn??1??1
???????????в????????????URL??????????????????????
????select * from news where id=1
????????SQL????????????????????????news???id?1???????????
??????????SQL SERVER??select???????????????е???????????URL???
????http://www.xxx.com/news.asp?id=1and 1=(select count(*) from admin
????where left(name??1)=a)
????SQL???????
????select * news where id=1 and 1=(select count(*)
????from admin where left(name??1)=a)
?????????admin?????????????????name??????????????a????news????id?1???????news????id?1?????????????????????????1&P????P??棬??????棬????????????????檔?????????????????????id?????2????????????????????????????ú??????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com