A new universal login password vulnerability warning - Black Bar Safety Net

ID MYHACK58:62200923345
Type myhack58
Reporter Anonymous
Modified 2009-05-24T00:00:00


oldjun's article in the May issue of Black Hand: everyone else's sample copies have arrived, but TMB I still haven't received mine -.-. The article excerpt is as follows:

There is a lot of login authentication code like this online:

<%
username=trim(Request.Form("username"))
password=trim(Request.Form("password"))
' The user name is concatenated straight into the query: this is the injection point.
sql="Select * FROM admin Where user='"&username&"'"
Set rs=Server.CreateObject("adodb.recordset")
rs.Open sql,conn,1,1
if rs.eof then
    checksysUser=FALSE
else
    ' The password is not part of the query; it is compared in script against the first returned row.
    passwd=trim(rs("pwd"))
    if passwd=password then
        Session("admin")=username
        checksysUser=TRUE
    else
        checksysUser=FALSE
    end if
end if
rs.close
conn.close
if checksysUser=true then
    Response.Redirect("main.asp")
else
    errmsg="<font color=#FF0000><b>user name input error, please re-enter!</b></font>"
end if
%>

The code first queries the database for the password stored under the submitted user name, and only then compares it with the password the user typed, so a universal password of the 'or'='or' kind has no effect here. But if, in the program above, the user name entered is ' UNION Select 1,1,1 FROM admin Where ''=' and the password entered is 1, the login succeeds. The principle is very simple: the UNION appends to the result set a row whose pwd column is the literal 1, the script reads that row's pwd and finds it equal to the submitted password 1, and the comparison passes; the number of constants in the injected Select must match the column count of the admin table. Not much more to say. By the way, oldjun's statement is attached: ' UNION Select 1,1,1 AS pwd FROM admin Where ''='
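To make the failure mode concrete, here is an added example (not code from the article or from oldjun) that reproduces the ASP logic against a constructed in-memory SQLite table with three columns, then shows the same flow with the user name passed as a bound parameter, so the injected UNION no longer changes the query:

```python
import sqlite3

PAYLOAD = "' UNION Select 1,1,1 FROM admin Where ''='"  # the article's user-name input


def make_db():
    """Constructed stand-in for the page's 'admin' table (three columns,
    so a three-value UNION row lines up with it)."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute("CREATE TABLE admin (id INTEGER, user TEXT, pwd TEXT)")
    conn.execute("INSERT INTO admin VALUES (1, 'admin', 's3cret')")
    return conn


def login_vulnerable(conn, username, password):
    """Mirrors the ASP script: concatenate the user name into the SQL, take the
    first returned row, and compare its pwd column in application code."""
    sql = "SELECT * FROM admin WHERE user='" + username + "'"
    row = conn.execute(sql).fetchone()
    if row is None:
        return False
    # VBScript's trim(rs("pwd")) yields a string, so the injected literal 1
    # is compared as "1"; mimic that with str().
    return str(row["pwd"]).strip() == password.strip()


def login_fixed(conn, username, password):
    """Same flow, but the user name travels as a bound parameter: it can only
    ever be matched against the user column, never alter the statement."""
    row = conn.execute("SELECT * FROM admin WHERE user=?", (username,)).fetchone()
    if row is None:
        return False
    return str(row["pwd"]).strip() == password.strip()


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin", "s3cret"))  # True: real credentials
    print(login_vulnerable(db, PAYLOAD, "1"))       # True: injected row's pwd is 1
    print(login_fixed(db, PAYLOAD, "1"))            # False: payload matches no user
```

The fix shown is the minimal one (parameterization); storing only password hashes rather than the cleartext pwd column is a separate hardening step the article does not cover.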