On .NET Secure Development, Starting from CSDN's Vulnerabilities
By: jannock
http://jannock.cnblogs.com/
---------------------------
Introduction:
CSDN stands for Chinese Software Developer Network; it is a Chinese software developer community.
China's largest developer technical community
---- Official website of the magazine 《Programmer》
It brings together news, forums, groups, blogs, documents, downloads, reading, tags, online digests, search, .NET, Java, games, video, talent, outsourcing, a second-hand bookstore, Programmer magazine and other projects in one large comprehensive IT portal with a strong professional focus. Its members include more than 90% of China's outstanding programmers, and it is so far the leading website for IT exchange in China and the surrounding region.
(From: Baidu Encyclopedia)
Starting from an SQL injection point:
I spend most of my time on Blog Park (cnblogs) and seldom visit CSDN. On a whim I went to look at the CSDN account I have had for many years (fortunately I hadn't forgotten the password, haha).
CSDN is much more powerful than before, with more features and a personal space. Out of curiosity I noticed that most of the code is developed in .NET. Since I have been studying .NET security recently, I entered "'" into the personal-space search, and the interface I expected miraculously appeared:
Entering "AA' --": if an injection exists, the result returns normally, because "--" comments out the rest of the SQL statement:
The result returned normally, but the search data that should follow was gone. I thought: is this the legendary SQL injection?
Out of curiosity I tried "A' and 1=1 --" and "A' and 1=2 --", and both returned the same result. Alas, it seemed the injection existed, but this injection point is rather hidden and troublesome to exploit.
To prove the injection existed, I entered a few more SQL statements: an incorrect statement made the system display an error page, while a correct one returned normally.
Unfortunately I don't know the table structure, or else I would use it... (After several guesses I found a few tables... but CSDN's database design is fairly complicated.)
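The two probes described above (an error page versus a normal page, and "' and 1=1 --" versus "' and 1=2 --") can be reproduced against a constructed in-memory SQLite table. The example below is added for this edit and is not the original post's or CSDN's code; CSDN's application is .NET, but the defect is the same in any language: concatenating the search keyword into the SQL text. Python and sqlite3 are used only so it runs offline. The table, rows and column names are assumptions, and the keyword prefix "A" from the page is dropped so the sample rows match; the safe variant shows the parameterised query that closes the hole.

```python
import sqlite3

# Constructed sample data standing in for the personal-space search table.
# The schema and rows are assumptions for this example, not CSDN's schema.
SAMPLE_ROWS = [
    ("ASP.NET MVC notes", "public"),
    ("AJAX tricks", "public"),
    ("Private draft", "private"),
]


def make_db():
    """Create an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, visibility TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def search_vulnerable(conn, keyword):
    """The pattern the article is warning about: the keyword is pasted into the SQL text."""
    sql = ("SELECT title FROM posts WHERE visibility = 'public' "
           "AND title LIKE '%" + keyword + "%'")
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, keyword):
    """Parameterised query: the keyword is bound as data and can never change the SQL."""
    sql = ("SELECT title FROM posts WHERE visibility = 'public' "
           "AND title LIKE ?")
    return [row[0] for row in conn.execute(sql, ("%" + keyword + "%",))]


def probe(search, conn, keyword):
    """Run one search and classify the outcome the way the tester saw it:
    ("error", None) for an error page, ("ok", rows) for a normal page."""
    try:
        return "ok", search(conn, keyword)
    except sqlite3.Error:
        return "error", None


if __name__ == "__main__":
    db = make_db()
    # The sequence from the article: a lone quote breaks the statement,
    # "' and 1=1 --" keeps it valid, "' and 1=2 --" keeps it valid but empties it,
    # and "' or 1=1 --" also pulls in the row the query was meant to hide.
    for payload in ["'", "' and 1=1 --", "' and 1=2 --", "' or 1=1 --"]:
        print("vulnerable", repr(payload), probe(search_vulnerable, db, payload))
        print("safe      ", repr(payload), probe(search_safe, db, payload))
```

The vulnerable search reports an error for the lone quote, two rows for "' and 1=1 --", no rows for "' and 1=2 --", and all three rows (including the private one) for "' or 1=1 --"; the parameterised search treats every payload as a literal keyword and returns nothing for all of them.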
Cross-site scripting vulnerability:
Cross-site scripting vulnerabilities are getting more and more attention on today's web. Is CSDN concerned?
On the sharing page I posted the following to my space:
It returned normally, but then, back on the home page:
I found it could not be deleted. Was it because the special symbols caused a JS error? Was it the legendary script injection? With these questions I checked the page source and found:
Have you noticed? The JS is truncated by my input. So I entered: http://'onmouseover=alert('xxs') id='(
This appeared:
Checking the source, it had changed to:
<span class="time">Just now</span> <a class="delete" onclick="return $confirm(this);" href='javascript:checkdelete("XXXXX","http://'onmouseover=alert('xxs') id='(","15:59:15.853","share","","useraction_2113284","20080908")'>Delete</a>
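The markup above has two nested contexts: the URL sits inside a JavaScript string literal, and that JavaScript sits inside a single-quoted HTML href attribute. A single quote in the URL therefore ends the attribute early, and whatever follows is parsed as new attributes of the <a> tag, which is how onmouseover got in. The example below is added for this edit (it is not CSDN's code or the original post's) and renders a simplified version of that delete link both ways: raw concatenation, and JSON-encoding the JavaScript arguments and then HTML-escaping the result for the attribute, innermost context first. It then checks which attributes an HTML parser sees. The template, the two-argument checkdelete call and the item id are assumptions; the payload is the one from the article.

```python
import html
import json
from html.parser import HTMLParser

# Simplified delete link from the page source: two checkdelete arguments
# instead of the original seven (an assumption for this example).
TEMPLATE = ('<a class="delete" onclick="return $confirm(this);" '
            "href='javascript:checkdelete({args})'>Delete</a>")

# The payload the article entered in the share URL field.
PAYLOAD = "http://'onmouseover=alert('xxs') id='("


def render_vulnerable(item_id, url):
    """Raw concatenation: a single quote in url terminates the href attribute."""
    args = '"%s", "%s"' % (item_id, url)
    return TEMPLATE.format(args=args)


def render_safe(item_id, url):
    """Encode for each context, innermost first.

    1. json.dumps turns each value into a valid JavaScript string literal
       (quotes and backslashes escaped).
    2. html.escape(quote=True) then escapes <, >, &, " and ' so the
       JavaScript text cannot break out of the single-quoted href attribute.
    """
    js_args = ", ".join(json.dumps(v) for v in (item_id, url))
    return TEMPLATE.format(args=html.escape(js_args, quote=True))


class _AnchorAttrs(HTMLParser):
    """Collect the attributes of the first <a> tag, the way a browser would see them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "a" and self.attrs is None:
            self.attrs = attrs


def anchor_attributes(markup):
    """Return the <a> tag's attributes as a dict; values are already HTML-unescaped."""
    parser = _AnchorAttrs()
    parser.feed(markup)
    parser.close()
    return dict(parser.attrs or [])


if __name__ == "__main__":
    for render in (render_vulnerable, render_safe):
        attrs = anchor_attributes(render("XXXXX", PAYLOAD))
        print(render.__name__, sorted(attrs))
```

With the raw rendering the parser reports an onmouseover attribute and an href cut off at "http://"; with the encoded rendering it reports only class, onclick and href, and the unescaped href is the complete checkdelete call with the payload safely inside its string literal. Note that this only fixes the encoding; a javascript: URL built from user data is still a fragile design, and a data attribute read by a normal click handler avoids the nested contexts altogether.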
Let's look at other vulnerabilities:
Physical path disclosure vulnerability:
Input: http://counter.csdn.net/pv.aspx?id=342%27
Another SQL injection vulnerability:
As you can see, this one is a full-blown injection.
Other error information:
For a robust program, detailed error output must be suppressed: every error message hands the attacker something, here the physical path and the database error text. In ASP.NET that means keeping customErrors set to On or RemoteOnly in web.config, so remote users only ever see a generic error page.
Several PHP path disclosure vulnerabilities were also found, but this article is only about .NET, so I won't list them.
There is also a very dangerous SQL injection vulnerability that allows direct operations on the database:
For security reasons, the attack address is not given here...
Pay attention to secure .NET development...
(This article is for learning and exchange only. Do not use these vulnerabilities to attack the site.)