ASP database plug horse small conference-vulnerability warning-the black bar safety net

ID MYHACK58:6220069477
Type myhack58
Reporter 佚名
Modified 2006-05-31T00:00:00


lake2 ( )

With the development of technology, ASP database plug horse also is not what fresh stuff, believe you played this. Oh, and that you have not met insert the asp code is spaces apart case? i.e. insertion of each of the characters between the There are spaces for? Now, let us to solve this problem.

After the many cases of actual analysis, I found that as long as the code is space-separated in the database, the corresponding field's Unicode compression attribute is always“no.” On the contrary, as through the Unicode compression property to“Yes”, then you can through this field for plug horses.

After searching, found the official Microsoft for Unicode compression of the description:“Microsoft Access 2 0 0 0 or higher version using the Unicode character encoding scheme to represent text, memo and hyperlink fields in the data. Unicode each character is represented as two bytes...... Need storage space than in Access 9 7 or earlier versions to be more...... Can be“text”,“remarks”or“hyperlink”field of the“Unicode compression”property the default value is set to“Yes”to make up Unicode character way to Express the impact of the”

Oh, turn on Unicode compression, the database will automatically put the Latin characters for Western European languages such as English, Spanish or German use 1 byte to store; if not open, the database will use 2 bytes 1 byte to 0x00, as the text will be automatically converted to spaces to store Latin characters, also resulted in the insertion of the asp code is space-separated.

So, in this case how to plug a horse?

A breakthrough in the Unicode compression there, since the database does not give us the compression, then just let our own to compress it. Very simple, just put the asp code is first converted to Unicode and then re-inserted into the database. I use VB to write a small software to achieve this function, note that since the conversion time is easy to produce non-displayable characters will appear?, the So be carefully constructed code slightly, of course you can also pick up cheap with the figure that I constructed^_^


On the VB, after the conversion of the code length has been reduced by half, Hey, that this Not can be said to be the smallest of the ASP back door of a breakthrough?

The program can be downloaded here: and Oh, Enjoy It!