Getting a shell through an anti-injection program, and the fix - Vulnerability Warning - Black Bar Safety Net

ID MYHACK58:62201129812
Type myhack58
Reporter Anonymous
Modified 2011-03-21T00:00:00


When you test a website address for an injection vulnerability with a single quote ('), say at the URL "www.xxxx/news.asp?id=6", the site may pop up a message such as "your operation has been recorded!", and we cannot bypass the anti-injection system. In that case you can request http://www.xxxx/sqlin.asp to see whether the file "sqlin.asp" exists. If it does, we simply submit "http://www.xxxx/news.asp?id=6'" and then use a one-line Trojan client to connect to the file http://www.xxxx/sqlin.asp. This works because many common anti-injection programs currently use the file name "sqlin.asp" for the database that records illegal requests, and most of them apply no anti-download protection to it.

Fix: anti-download protection + rename the file.
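
A defender-side audit for the condition described above, as an added example that is not part of the original advisory: it walks a web root and flags the default record file name "sqlin.asp" and any database stored under an extension the server executes. The Access/Jet header check, the extension list, and every sample file name other than sqlin.asp are assumptions.

```python
import tempfile
from pathlib import Path

# Extensions IIS maps to the ASP engine (assumption: default script mappings).
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx"}
# File name the page says many anti-injection programs use for their record database.
DEFAULT_LOG_NAMES = {"sqlin.asp"}
# Jet/ACE (Access) file header; assumes the record database is an Access file.
DB_MAGICS = (b"\x00\x01\x00\x00Standard Jet DB", b"\x00\x01\x00\x00Standard ACE DB")

def audit_file(path):
    """Return the reasons this file needs attention (empty list if none)."""
    data = path.read_bytes()
    is_db = data.startswith(DB_MAGICS)
    is_default = path.name.lower() in DEFAULT_LOG_NAMES
    reasons = ["default anti-injection log name"] if is_default else []
    if is_db and path.suffix.lower() in SCRIPT_EXTS:
        reasons.append("database under a script-mapped extension")
        if b"<%" in data:
            reasons.append("recorded data contains an ASP script delimiter")
    elif is_db:
        reasons.append("database in web root: confirm download protection")
    return reasons

def audit_webroot(root):
    """Map relative path -> reasons for every flagged file under root."""
    findings = {}
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        reasons = audit_file(path)
        if reasons:
            findings[path.relative_to(root).as_posix()] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree: record database, ordinary page, renamed database."""
    header = DB_MAGICS[0] + b"\x00" * 32
    samples = {"sqlin.asp": header + b"<% constructed %>",
               "news.asp": b"<html>constructed page</html>",
               "data/rec_7f3a.mdb": header}
    for rel, body in samples.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, why in audit_webroot(tmp).items():
            print(rel, "->", "; ".join(why))
```

A renamed database with a non-script extension is still reported, because renaming alone does not stop it from being downloaded if the name is discovered.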