Vulnerability in the ASP version of the general-purpose SQL anti-injection system

ID MYHACK58:62201233877
Type myhack58
Reporter Anonymous
Modified 2012-05-14T00:00:00


Tonight a friend in the group asked me to look at a site. It has a SQL anti-injection filter that I could not get around, but I found the file in which it records errors, sqlin.asp.


Since it keeps a record, I then viewed its log file.


So I thought of constructing an ASP one-liner and writing it into the log. The first several unencrypted attempts failed, so I then wrote the encrypted one:

┼Pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger (password: a; the encryption method is ANSI->Unicode)

Submit: and 1= ┼pay offs number 畣 whole 爠 Hwan enemy 瑳∨≡┩anger


Connecting to <http://www.xxx.cn/sqlin.asp> with Chopper succeeded.



In fact, the process is not difficult and there is no real technical difficulty in it, but when you sometimes come across a site that records injection errors like this, having one more method available is good.

Also, I searched Baidu and found that the blogger "half of the pit soil farmers" had already found something similar, but, uh, when I went to look at his blog... waterfall of sweat!!
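
The weakness described above is that the filter records rejected input in a file the server executes (sqlin.asp), and that the recorded bytes can spell script delimiters the character filter never saw. The following Python check is an added example, not code from the original post or from the anti-injection system. The function names, the extension list and the assumption that the record is stored as UTF-16LE are illustrative.

```python
from urllib.parse import quote

# Delimiters that start or end server-side script in a classic ASP file.
ASP_DELIMS = (b"<%", b"%>", b"<script")
# Extensions assumed here to be mapped to a script engine on the server.
EXECUTABLE_EXTS = (".asp", ".asa", ".cer", ".cdx")


def hidden_delimiters(value: str) -> list:
    """Name the byte views of `value` that contain a script delimiter.

    A character filter compares code points, but the script parser reads
    bytes. Assumption: the record may be stored as UTF-16LE, where a single
    non-ASCII character such as U+253C becomes the two bytes 3C 25 ("<%").
    """
    views = {
        "single-byte": value.encode("latin-1", errors="replace"),
        "utf-16-le": value.encode("utf-16-le", errors="replace"),
    }
    return [name for name, raw in views.items()
            if any(d in raw.lower() for d in ASP_DELIMS)]


def log_target_is_safe(path: str) -> bool:
    """A record file must not carry an extension the server executes."""
    return not path.lower().endswith(EXECUTABLE_EXTS)


def neutral_record(value: str) -> str:
    """Percent-encode the value so the stored record is plain ASCII with no
    '<' or '>' byte at all, whatever encoding the file is later read in."""
    return quote(value, safe="")


# Constructed sample: harmless text plus one character that only spells "<%".
SAMPLE = "and 1=\u253c"

if __name__ == "__main__":
    print(hidden_delimiters(SAMPLE))
    print(log_target_is_safe("sqlin.asp"))
    print(neutral_record(SAMPLE))
    print(hidden_delimiters(neutral_record(SAMPLE)))
```

Writing the neutralized record to a non-executable file outside the web root removes both halves of the problem: the record cannot contain script, and nothing would run it if it did.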