📄 asp原来登陆时候的那个安全漏洞?.htm
字号:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
<title>ASP原来登陆时候的那个安全漏洞?</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<meta name="generator" content="ExamNever" />
<meta name="author" content="IT" />
<meta name="keywords" content="IT,ASP,PHP,JS(JavaScript),JSP,XML,(X)HTML,CSS,脚本,FAQ,网络应用" />
<meta name="description" content="网络应用常见问题解决方案." />
<link rel="stylesheet" href="./index.css" type="text/css" />
</head>
<body>
<a href="index.html">返回目录</a>
<li class="announce">更多资源请访问>>>BK设计资讯站(<a href="http://www.blue1000.com/">Www.Blue1000.Com</a>)<a href="http://www.blue1000.com/">Www.Blue1000.Com</a></li>
<li class="announce">主要解答:ceocio</li>
<li class="announce">感谢:denghan、ceocio、tigerwen01、ceocio、enrico</li>
<li class="announce">审核者:tripofdream</li>
<h4>ASP原来登陆时候的那个安全漏洞?</h4>
<!--aaaddd--><div style="position:absolute;top:5px;left:200px"><script language="JavaScript"
type="text/JavaScript"></script></div>
<span><script type="text/javascript"><!--
google_ad_width = 728;
google_ad_height = 90;
google_ad_format = "728x90_as";
google_ad_channel ="";
google_color_border = "CCCCCC";
google_color_bg = "FFFFFF";
google_color_link = "000000";
google_color_url = "666666";
google_color_text = "333333";
//--></script>
<script type="text/javascript"
>
</script></span><!--aaaddd-->
<li>-----------------------------------------------------------------------------------------</li><div class="answer">
<br>是什么? <br>
--------------------------------------------------------------- <br>
<br>
你是说登录时用户名和密码都写 '' or '' <br>
--------------------------------------------------------------- <br>
<br>
admin'or'1'='1 <br>
--------------------------------------------------------------- <br>
<br>
where 字段'or'1'='1 <br>
--------------------------------------------------------------- <br>
<br>
这个主要是由于sql查询语句造成的: <br>
select * from admin where username='"&username&"' and password='"&password&"'" <br>
输入了 <br>
admin'or'1'='1 <br>
就变成了: <br>
select * from admin where username='"&admin'or'1'=1&" and password='"&password&"'" <br>
就获得了权限,呵呵! <br>
--------------------------------------------------------------- <br>
<br>
把"'"替换成2个"'",即"''"<br>
</div><a href="./index.html">返回目录</a></body></html><br><script src="http://www.blue1000.com/counter/mystat.asp?style=no"></script>⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -