About. NET Security Development from CSDN Vulnerabilities

Source: Internet
Author: User

By: jannock
Http://jannock.cnblogs.com/
---------------------------
Introduction:
CSDN is short for chinese software develop net and is a chinese software development alliance.
China's largest developer technology community
---- Official website of programmer publications
It is a collection of news, forums, groups, blogs, documents, downloads, reading, tags, online extraction, search ,. NET, Java, games, video, talent, outsourcing, second bookstore, programmer, and other projects in one
Large comprehensive IT portal website, which has a very strong professionalism. Its members include more than 90% of excellent programmers in China. IT is the first website in IT communication and surrounding China so far.
(From: Baidu encyclopedia)

Starting from an SQL injection point:
I spent most of my time in the blog Park, and seldom went to csdn. I suddenly burst into a whim and looked at my csdn account for many years (fortunately, I didn't forget my password, haha .)
We can see that CSDN is more powerful than ever before, with more functions and personal space available. Out of curiosity, we can see that most of the code is used. net development, due to recent research. net security, so I accidentally entered "" in the personal space to search for the desired interface:

Input "aa --" again. If there is an injection, the returned result is normal. "--" Comments the following SQL statement
:

The returned result is normal, but the following search data is gone. I thought, is there a legendary SQL injection?
Out of curiosity, I tried again. The results returned by "a and 1 = 1 --" and "a and 1 = 2 --" are the same. Alas, it seems that the injection exists, however, this injection point is relatively hidden and troublesome to use.
To prove the existence of SQL injection. After entering a few SQL statements again, the result is an incorrect statement. The system displays an error page and the correct statement returns normal.
Unfortunately, I don't know the table structure, or I will use it... (After several guesses, I found several tables... However, the CSDN database design is still complicated)

Cross-Site vulnerability:
Cross-Site vulnerabilities are gaining more and more attention in today's web networks. Isn't CSDN concerned?
On the sharing page, I sent the following message to my space:

After the return is normal, but then return to the home page:

I can't delete it even if I find it is deleted. Is it because of the special symbols that make js errors? Is it the legendary script injection? With questions, I checked the page source code and found that:

Have you noticed? Js is truncated by my input. Then enter "http: // id = ("
Appears

Check the source code and change it:

Span class = "time"> span> a class = "delete" onclick = "return $ Confirm (this);" href =Javascript: CheckDelete ("xxxxx", "http: // & #39; onmouseover = alert (xxs) id = (", "15:59:15. 853 "," Share "," "," UserAction_2113284 "," 20080908 ")> Delete a>
Look at other vulnerabilities:
Brute-force Path Vulnerability:
Input: http://counter.csdn.net/pv.aspx? Id = 342% 27

Another SQL injection vulnerability:


It can be seen that this is completely injecting ..
Other error information:

 


For a sound program, error handling should be blocked, and any errors will bring danger to the program.
Multiple php brute-force path vulnerabilities were also found. Here we only talk about. net, so we will not give it.
There is also a very dangerous SQL injection vulnerability that can directly operate the database:


For security reasons, no attack address is provided here...
Pay attention to. net Security Development...
(This article is only used for learning and communication. Please do not use the vulnerability to attack your website)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.