SQL General-purpose anti injection system asp version of vulnerability-vulnerability warning-the black bar safety net

2012-05-14T00:00:00
ID MYHACK58:62201233877
Type myhack58
Reporter 佚名
Modified 2012-05-14T00:00:00

Description

Tonight the group of friends called to see a station, there is a sql anti injection, around however, but have found that recording the wrong file sqlin. asp.

!

Since doing the recording, and then view its log file

!

So thinking about the structure of the asp word written into it, in front of several no-encryption failed, then write the encrypted

┼Pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger password a (The encryption method is: ANSI->Unicode) Submit and 1= ┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger

!

<http://www.xxx.cn/sqlin.asp> chopper is connected successfully

!

+----------------------------------------------------------------------------------------------------------------------- ---------------------+

In fact, the process is not difficult, it's technical difficulty, but sometimes come across such a recording injected into the wrong site, the more convenient way is good.

Also, in addition, Baidu the next, found that half of the pit soil farmers have found a similar, but, uh, go to his blog to see when the , waterfall sweat ! !