This loophole is actually a lot of sites exist, especially the use of ASP to write chat rooms, BBS, etc. (Other languages I do not understand, but I think there will be in this respect
of the hole. )。
In general, when we verify that the user is legitimate, we use the following statement:
Set Db=server. CreateObject ("Adodb.recordset")
Sqlstr=select * FROM table where user= ' "&request (" User ") &" ' and Password= ' "&request (" password ") &" ' "
Db.open sqlstr, "DSN=AA;", 1 then detects whether the resulting table is empty, if it is empty, the user is illegal, and if not NULL, the user is legal.
If db.eof and Db.bof then
ok= "No"
Else
ok= "Yes"
End If this is a technical point of view of the specification, but from a security point of view there is a very large hole. Because we can construct a special user
Passwords and user names to enter the protected system.
user= ' AA ' or user<> ' AA '
password= ' AA ' or password<> ' AA '
The corresponding User name box in the browser end is written to: AA ' or user<> ' AA
Password box to write: AA ' or password<> ' AA, note that both ends of the string are not '.
So you can successfully cheat the system and enter.
Although the theory is so, it is very difficult to practice, the following two conditions must have.
1. You need to be able to know exactly which two fields the system uses in the table to store user names and passwords, so that you can accurately construct the attack
A string of sex. In fact, it's hard to guess.
2. The system does not check the validity of the string you have entered.
From here you can see that the source code leaks are sometimes fatal!!
I figured out a solution:
1. As Yexiaolu said, separate write, you can look at his posts.
2. The field that stores the username and user password is taken two unrelated names, so that the attacker could not guess.
3. Enter the user input data into the validity check, such as replace it.
4. You can consider the password for simple encryption, such as the input of the password string to transform the character in the string position, etc. can effectively prevent this into
Attack.
5. The most important point, do not disclose your source code!!!!
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
