???????????
???????????? ???????[ 2011/9/7 11:04:51 ] ????????
???????????????????????е??????????????????????????????????????????????????????
????1??????????????
?????Щ?????????????????????????????????????????Щ???????????????????????????????ù????????????????Щ?????????????磬???????????????CVE??Common Vulnerabilities and Exposures????????Element InstantShop?е?Web???add_2_basket.asp??????????????????????????????????????price??????????????????????????????????
<!-- Hidden fields are entirely client-controlled: the browser sends whatever
     the user has edited, and nothing stops the user from saving this page,
     changing a VALUE and resubmitting the form. The server-side handler
     (add_2_basket.asp in the example) must look the price up by product id
     on the server instead of trusting the submitted "price" field. -->
<INPUT TYPE = HIDDEN NAME = "id" VALUE = "AUTO0034">
<INPUT TYPE = HIDDEN NAME = "product" VALUE = "BMW545">
<INPUT TYPE = HIDDEN NAME = "name" VALUE = "Expensive Car">
<!-- the tampered field in the example: set to 100 and the shop sells BMW545 for 100 -->
<INPUT TYPE = HIDDEN NAME = "price" VALUE = "100">
??????????????????????????????????趨price??ε???????????InstantShop????????????????????????100????????????BMW545??
?????????????????????????÷???????д?????顣?????????飬??????????????????Щ?????????м?飬???磺Paessler Site Inspector??Web Developer???
????2??SQL???
????SQL????????????????????????????????SQL?????????????????????????????????????????????й??????????????????????????磬???????δ??????SQL????????????
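// VULNERABLE EXAMPLE (intentional): the login query is assembled by string
// concatenation, so whatever is typed into textBox1/textBox2 becomes part of
// the SQL text itself. The listing's typos (retuen/If/Return, a string
// assigned to SqlCommand, mis-encoded quotes and comma) are corrected here;
// the injection flaw is deliberately kept because the text below exploits it.
SqlConnection sqlcon = sqlconnA;
// open the connection
sqlcon.Open();
// build the query from raw user input -- this is the injection point
string cmd = "select count(*) from User where LogonName = '" + this.textBox1.Text + "' and Password = '" + this.textBox2.Text + "'";
SqlDataAdapter adpt = new SqlDataAdapter(cmd, sqlcon);
DataSet ds = new DataSet();
adpt.Fill(ds);
// close the connection (note: no try/finally or using block, so an exception
// thrown by Fill() leaves the connection open)
sqlcon.Close();
// any matching row is treated as a successful login
if (ds.Tables[0].Rows.Count > 0)
{
    return true;
}
else
{
    return false;
}
// Safe form: never splice input into SQL text; bind it as parameters, e.g.
//   var q = new SqlCommand("select count(*) from User where LogonName = @u and Password = @p", sqlcon);
//   q.Parameters.AddWithValue("@u", this.textBox1.Text);
//   q.Parameters.AddWithValue("@p", this.textBox2.Text);
// Comparing a plaintext password inside the query also means passwords are
// stored in the clear; store a salted hash and compare in application code.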
??????δ????textBox1????????????????????textBox2????????????????????????????????????????textBox1??????????????????????????????????Щ?????????????????????????????????????????SQL Server?????????????????????????????????????????????textBox1????????м??ɡ?
Admin' or '1' = '1
?????????????????????Admin???????????????????????????????SQL????????????????????????????SQL Server???????е????????????????????
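-- Query actually executed after the payload above is typed into textBox1
-- with an empty password. AND binds tighter than OR, so this reads
--   LogonName = 'Admin'  OR  ('1'='1' AND Password = '')
-- and the count is nonzero whenever a user named Admin exists: the
-- password check is bypassed entirely.
select count(*) from user where LogonName = 'Admin' or '1'='1' and Password=''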
????????1=1????????????????????棬???????????????????????????????????????????????????
??????????????????SQL???????????e????????飬???????漰SQL??????????????????????????????????????
????3???????????
????????????????Internet???????????а?????????????????????????????????????????Щ?????????????????????й????????????1?????????????????????????C????????????????????????????????????????????????????????????????????????????????
???????磬?????????C???????????????????????????
/* VULNERABLE EXAMPLE (intentional): gets() reads from stdin up to the next
 * newline with no idea how large buf is, so a line of 20 or more characters
 * (plus the terminating NUL) overflows this stack buffer. gets() was removed
 * from C11 and C++14; use fgets(buf, sizeof buf, stdin) instead. */
char buf[20];
gets(buf);
??????????gets????????stdin?????????????????????????????????????????????£?
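/* VULNERABLE EXAMPLE (intentional): the listing's mis-encoded separators are
 * restored; the length bug is kept on purpose because the text below explains it. */
char buf[20];
char prefix[] = "http://";
strcpy(buf, prefix);                 /* buf now holds 7 characters + NUL */
/* BUG: strncat's third argument is the maximum number of bytes to APPEND,
 * not the size of the destination. sizeof(buf) ignores the 8 bytes already
 * in buf, so a long path writes 7 + 20 + 1 = 28 bytes into a 20-byte buffer.
 * Correct call: strncat(buf, path, sizeof(buf) - strlen(buf) - 1); */
strncat(buf, path, sizeof(buf));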
?????????????????sizeof????????????????buf???С??????buf????????С??
?????????
?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????Щ???????????????Щ?????????????????????????AppVerifier???
??????
???·???
??????????????????