A Better Member-Based ASP Photo Gallery SQL Injection patch Analysis

Source: Internet
Author: User

Riusksks blog

Previously, an SQL injection vulnerability in A Better Member-Based ASP Photo Gallery was published on milw0rm: http://www.milw0rm.org/exploits/8012. It was then officially repaired. If you open the following address:

http://www.ontarioabandonedplaces.com/ipguardian/gallery/view.asp?Entry=-1+union+select+0,title,2,creator,longpolling,5,pics+from+photos

the following message is displayed:

You poor shithead, SQL injection is for kids.

Download the patch; its code is as follows:

    ' This is used to delete images
    If Request.Form("btnDelete") = DeleteButtonLabel Then
        Val = Request.Form("fval")
    Else
        Val = Request.QueryString("Entry")
        ' Replace "+" with "". In fact, this filter does little, because other
        ' symbols can stand in for spaces; for example, the comment sequence /**/
        ' is a very common substitute.
        Val = Replace(Val, "+", "")
        ' Replace "-" with "".
        Val = Replace(Val, "-", "")
        ' Only the leftmost four characters of Val are kept. This is strict enough
        ' to limit the length of the injected statement.
        Val = Left(Val, 4)
    End If
    ' Above gets either location id from what's passed in query string or
    ' from delete form below

    Set objConn = Server.CreateObject("ADODB.Connection")
    objConn.Provider = "Microsoft.Jet.OLEDB.4.0"
    objConn.ConnectionString = "Data Source=" & Server.MapPath("Databasephotodb.mdb")
    objConn.Open
    ' The variable Val is concatenated into the SQL statement.
    strSQL = "SELECT * FROM photos where id =" & Val

    ' Execute the SQL.
    Set objRS = objConn.Execute(strSQL)

In fact, the SQL injection vulnerability above still exists; the patch only makes exploitation harder by limiting the injected statement to four characters. Readers are welcome to discuss how to break through this limitation!
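
A hardened form of the lookup above, as an added example that is not the vendor's patch or the original author's code: the id is accepted only if it is all digits, on both input paths, and it reaches the database as a typed ADO parameter instead of being concatenated. IsPhotoId is a hypothetical helper; DeleteButtonLabel is assumed to be defined elsewhere in the page, and the database path is copied as printed above.

```vbscript
' Added example: strict validation plus a parameterized query (not the vendor's code).
Const adCmdText = 1, adInteger = 3, adParamInput = 1   ' standard ADO constant values

' Hypothetical helper: True only for a string of 1 to 9 ASCII digits.
' The 9-digit cap keeps the later CLng conversion from overflowing.
Function IsPhotoId(raw)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    IsPhotoId = re.Test(raw)
End Function

Dim Val, objConn, objCmd, objRS

' Read the id from either input path, as the original code does.
If Request.Form("btnDelete") = DeleteButtonLabel Then
    Val = Request.Form("fval")
Else
    Val = Request.QueryString("Entry")
End If

' One check covers BOTH paths; the patch filtered only the query string
' and left the form field "fval" untouched.
If Not IsPhotoId(Val) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set objConn = Server.CreateObject("ADODB.Connection")
objConn.Provider = "Microsoft.Jet.OLEDB.4.0"
objConn.ConnectionString = "Data Source=" & Server.MapPath("Databasephotodb.mdb")
objConn.Open

' The id travels as a typed integer parameter, never as part of the SQL text,
' so no character filtering or length limit is needed.
Set objCmd = Server.CreateObject("ADODB.Command")
Set objCmd.ActiveConnection = objConn
objCmd.CommandType = adCmdText
objCmd.CommandText = "SELECT * FROM photos WHERE id = ?"
objCmd.Parameters.Append objCmd.CreateParameter("id", adInteger, adParamInput, , CLng(Val))

Set objRS = objCmd.Execute
```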
