By: jannock
Http://jannock.cnblogs.com/
---------------------------
Introduction:
CSDN (Chinese Software Developer Network) is a Chinese software developers' alliance.
China's largest developer technology community
---- Official website of the magazine Programmer
It brings together news, forums, groups, blogs, documents, downloads, reading, tags, web clippings, search, .NET, Java, games, video, jobs, outsourcing, a second-hand bookstore, Programmer magazine and other projects in one
large, comprehensive IT portal with very strong professional depth. Its members include more than 90% of China's outstanding programmers. To date it is the leading website for IT exchange in China and the surrounding region.
(From: Baidu encyclopedia)
Starting from an SQL injection point:
I spend most of my time on cnblogs (Blog Garden) and seldom visit CSDN. On a whim I took a look at my CSDN account of many years (fortunately I hadn't forgotten the password, haha).
CSDN has become much more powerful than before, with more features and a personal space. Out of curiosity I poked around and saw that most of it is built on .NET. Since I have been researching .NET security recently, I happened to type "" into the search box of the personal space, looking for a usable interface:
Next I entered "aa --". If an injection exists, the returned result is normal, because "--" comments out the rest of the SQL statement:
The result came back normal, but the search results that used to follow were gone. I wondered: could this be the legendary SQL injection?
Out of curiosity I tried again. "a and 1 = 1 --" and "a and 1 = 2 --" returned the same result. Alas, it seems the injection does exist, but this injection point is rather hidden and troublesome to exploit.
To prove the existence of SQL injection I entered a few more SQL fragments: an incorrect statement makes the system display an error page, while a correct statement returns normally.
Unfortunately I don't know the table structure, or else I would make use of it... (After several guesses I found a few tables; still, the CSDN database design is rather complicated.)
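The three kinds of probe used above (a comment marker that cuts the statement short, an always-true versus an always-false condition, and a deliberately broken fragment that produces an error page) can be reproduced offline. The Python/SQLite script below is an added example written for this page; it is not CSDN's code, whose ASP.NET search implementation and schema the article says are unknown. The table, its rows and the closing single quote assumed in the payloads are constructed for the demonstration. search_vulnerable splices the keyword into the SQL text, search_safe binds it as a parameter, and probe reports what a user would see: rows, or an error page.

```python
import sqlite3

# Constructed sample rows standing in for a "personal space" search table;
# the real CSDN schema is unknown and is not modelled.
SAMPLE_POSTS = [
    ("hello csdn a", 1),   # public
    ("draft a", 0),        # private: a search must never return it
    ("other", 1),          # public, does not contain "a"
]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, is_public INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", SAMPLE_POSTS)
    return conn

def search_vulnerable(conn, keyword):
    """The mistake described in the article: the keyword becomes part of the SQL text."""
    sql = ("SELECT title FROM posts WHERE title LIKE '%" + keyword + "%' "
           "AND is_public = 1")
    return [row[0] for row in conn.execute(sql)]

def search_safe(conn, keyword):
    """Same query with a bound parameter; the keyword can only ever be data."""
    sql = "SELECT title FROM posts WHERE title LIKE ? AND is_public = 1"
    return [row[0] for row in conn.execute(sql, ("%" + keyword + "%",))]

def probe(search, conn, keyword):
    """Run one probe and report what the user would see: result rows, or an error page."""
    try:
        return search(conn, keyword)
    except sqlite3.Error:
        return "ERROR"

# The probes from the article, with the closing quote that the screenshots
# most likely carried (an assumption): the quote ends the string literal and
# "--" comments out everything after it, including the is_public filter.
PROBES = ["a", "a'", "a' and 1=1 --", "a' and 1=2 --"]

def run_probes(search):
    """Return {probe: what the user sees} for one search implementation."""
    conn = make_db()
    return {kw: probe(search, conn, kw) for kw in PROBES}

if __name__ == "__main__":
    for name, fn in (("vulnerable", search_vulnerable), ("parameterized", search_safe)):
        print(name)
        for kw, result in run_probes(fn).items():
            print(f"  {kw!r:20} -> {result}")
```

With the vulnerable search, the broken fragment raises a database error (the error page), the always-true probe returns the private row because the comment removed the is_public filter, and the always-false probe returns nothing. With the parameterized search all three probes are matched literally and return no rows; only the plain keyword finds anything.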
Cross-site scripting vulnerability:
Cross-site scripting (XSS) vulnerabilities are getting more and more attention on today's web. Is CSDN paying attention?
On the share page I posted the following message to my space:
The submission returned normally, but when I went back to the home page:
I found that I couldn't delete it. Was it the special characters causing a JavaScript error? Was this the legendary script injection? With these questions I checked the page source and found:
Have you noticed? The JavaScript is truncated by my input. Then I entered "http://' onmouseover=alert(xxs) id=(" (the full value is visible in the source below), and this appeared:
Checking the source code, it had become:
<span class="time"></span><a class="delete" onclick="return $Confirm(this);" href="javascript:CheckDelete('xxxxx','http://&#39; onmouseover=alert(xxs) id=(','15:59:15.853','Share','','UserAction_2113284','20080908')">Delete</a>
The site HTML-encoded my single quote as &#39;, but the browser decodes that back to ' before it runs the javascript: URL, so the quote still closes the JavaScript string literal early and the rest of my input lands outside any string; HTML encoding alone does not protect a value placed inside a JavaScript string.
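What happened in the source above can be reproduced without a browser. The Python below is an added example written for this page, not CSDN's code. render_delete_link builds the Delete anchor the way the page source shows it: the shared URL inside a single-quoted JavaScript string literal inside an href="javascript:..." attribute, HTML-encoded with &#39; for the apostrophe (the form ASP.NET's HtmlEncode emits; that this was the site's encoder is an assumption). javascript_seen_by_browser decodes the attribute the way the HTML parser does before the script engine sees it, and parse_call_args walks the argument list like a JavaScript tokenizer. The CheckDelete name, the argument layout and the payload come from the page; the js_string_escape layer is the added remedy, and the "xxxxx" id is the article's own redaction.

```python
import html

# Payload exactly as it appears in the page source above.
PAYLOAD = "http://' onmouseover=alert(xxs) id=("

def html_encode(s):
    """HTML-encode an attribute value the way the site did (&#39; for the
    apostrophe, as ASP.NET's HttpUtility.HtmlEncode emits it; an assumption)."""
    return (s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
             .replace('"', "&quot;").replace("'", "&#39;"))

def js_string_escape(s):
    """Escape for the inside of a single-quoted JavaScript string literal.
    This is the layer the page was missing; HTML encoding is still applied
    on top by render_delete_link, because the string sits in an attribute."""
    return (s.replace("\\", "\\\\").replace("'", "\\'")
             .replace("\r", "\\r").replace("\n", "\\n")
             .replace("<", "\\x3c").replace(">", "\\x3e").replace("&", "\\x26"))

def render_delete_link(shared_url, escape_js=False):
    """Build the Delete anchor as the share page does. escape_js=False is the
    page's behaviour (HTML encoding only); True first escapes the value for
    the JavaScript string context it actually lands in."""
    value = js_string_escape(shared_url) if escape_js else shared_url
    href = "javascript:CheckDelete('xxxxx','" + value + "','15:59:15.853')"
    return '<a class="delete" href="' + html_encode(href) + '">Delete</a>'

def javascript_seen_by_browser(anchor_html):
    """The HTML parser decodes character references in the attribute value
    before the javascript: URL reaches the script engine, so &#39; is a
    plain quote again by the time the JavaScript is parsed."""
    start = anchor_html.index('href="') + len('href="')
    end = anchor_html.index('"', start)
    return html.unescape(anchor_html[start:end])

def parse_call_args(js):
    """Tokenize the argument list of javascript:CheckDelete('a','b',...) as a
    JavaScript parser would: single-quoted string literals separated by commas.
    Anything else is a syntax error, which is what stopped the Delete link from
    working once a quote from user input closed a literal early."""
    prefix = "javascript:CheckDelete("
    if not (js.startswith(prefix) and js.endswith(")")):
        raise ValueError("not a CheckDelete call")
    body = js[len(prefix):-1]
    args, i = [], 0
    while i < len(body):
        if body[i] != "'":
            raise ValueError("unexpected token outside any string: %r" % body[i:])
        i += 1
        buf = []
        while True:
            if i >= len(body):
                raise ValueError("unterminated string literal")
            c = body[i]
            if c == "\\":                       # escape sequence inside the literal
                if i + 1 >= len(body):
                    raise ValueError("dangling backslash")
                nxt = body[i + 1]
                if nxt == "x":                  # \xHH
                    buf.append(chr(int(body[i + 2:i + 4], 16)))
                    i += 4
                else:                           # \' \\ \r \n
                    buf.append({"r": "\r", "n": "\n"}.get(nxt, nxt))
                    i += 2
                continue
            i += 1
            if c == "'":
                break
            buf.append(c)
        args.append("".join(buf))
        if i < len(body):
            if body[i] != ",":
                raise ValueError("unexpected token after literal: %r" % body[i:])
            i += 1
    return args

def delete_link_args(shared_url, escape_js=False):
    """Render the link, decode it as the browser does, and return the arguments
    CheckDelete would receive, or None if the JavaScript no longer parses."""
    try:
        return parse_call_args(javascript_seen_by_browser(render_delete_link(shared_url, escape_js)))
    except ValueError:
        return None

if __name__ == "__main__":
    print(render_delete_link(PAYLOAD))                 # &#39; is present, yet...
    print(javascript_seen_by_browser(render_delete_link(PAYLOAD)))
    print(delete_link_args(PAYLOAD))                   # None: syntax error
    print(delete_link_args(PAYLOAD, escape_js=True))   # payload stays one argument
```

Run as is, the HTML-encoded-only link decodes to JavaScript in which "onmouseover=alert(xxs) id=(" sits outside every string literal, so the call fails to parse; with js_string_escape applied first, the decoded JavaScript still parses and the whole payload arrives as the second argument, as data.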
Other vulnerabilities:
Path disclosure vulnerability:
Input: http://counter.csdn.net/pv.aspx?id=342%27
Another SQL injection vulnerability:
You can see that this one is completely injectable...
Other error information:
For a robust application, detailed error messages must be suppressed; any error that leaks to the user puts the application at risk.
Several PHP path disclosure vulnerabilities were also found; since this article only covers .NET, they are not given here.
There is also a very dangerous SQL injection vulnerability that allows the database to be manipulated directly:
For security reasons no attack address is given here...
Pay attention to secure .NET development...
(This article is for learning and exchange only. Please do not use these vulnerabilities to attack the website.)