I previously published an article on advanced uses of injection transit, which mentioned breaking through anti-injection filters. The following example was originally an animated video and has now been converted into an article.
Today, I came across a website.
http://www.etwj.net/B2B_cpinfo.asp?Id=832
Wow, it is a B2B Baier buy mall. Lucky for me.
There is a 0day for it. Of course, there are other vulnerabilities, but today we mainly use this one.
But when I tried it, I found this:
Bad luck. The original Bell buy only defended against GET injection, and now does not even defend against POST? What should I do? Someone may think of using cookie injection.
However, if we used cookie injection to get past the anti-injection, this article would be... too..., and I would not dare to post it on t00ls either.
The analysis follows.
The original anti-injection uses the GET model. This code can be bypassed with id --> %69d
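Why a percent-encoded parameter name slips past a filter of this kind, and what a name-independent check looks like, as an added Python model (not code from the original article). The function names are hypothetical, `request_lookup` is an assumed model of the query-string part of ASP's `Request(name)`, and the single quote in the keyword list is an assumption.

```python
import re
from urllib.parse import parse_qsl

# Keywords copied from the filter on this page; the first one (a single quote)
# is an assumption, because it is blank in the page's listing.
BLOCKLIST = ["'", "and", "select", "update", "chr", "delete%20from",
             ";", "insert", "mid", "master."]

def request_lookup(query, name):
    """Assumed model of ASP Request(name), query-string part only: keys and
    values are URL-decoded before the name is compared."""
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() == name.lower():
            return value
    return ""

def raw_name_filter(query):
    """The page's logic: names are cut from the raw QUERY_STRING (not decoded),
    then each value is fetched by that raw name and checked."""
    for pair in query.split("&"):
        raw_name, sep, _ = pair.partition("=")
        if not sep or not raw_name:
            continue  # the ASP code leaves the name empty and skips it
        value = request_lookup(query, raw_name).lower()
        if any(word in value for word in BLOCKLIST):
            return True
    return False

def decoded_filter(query):
    """Same blocklist, applied to every decoded value regardless of how its
    name was spelled on the wire."""
    return any(word in value.lower()
               for _, value in parse_qsl(query, keep_blank_values=True)
               for word in BLOCKLIST)

def parse_id(query):
    """Allow-list alternative: accept id only as a short decimal integer."""
    value = request_lookup(query, "id")
    return int(value) if re.fullmatch(r"[0-9]{1,9}", value) else None

# Constructed sample query strings.
PLAIN = "id=832%20and%20x"
ENCODED_NAME = "%69d=832%20and%20x"

if __name__ == "__main__":
    for q in ("id=832", PLAIN, ENCODED_NAME):
        print(q, raw_name_filter(q), decoded_filter(q), parse_id(q))
```

The raw-name filter asks for the value of a parameter literally called `%69d`, gets an empty string, and passes the request, while the page that reads `id` still receives the value; the integer allow-list rejects it whatever the name encoding.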
I guess that it can also be used for POST??
From what I learned of ASP..... the parameters in a POST form cannot be URL-encoded, that is, changing <input type=text name=id value=""> to <input type=text name=%69d value=""> does not work.
That is, you cannot construct a form that turns id into %69d
What should we do??
At this point, I thought of the great Lonely Hedgehog.
Generate a transit
Dim Fy_Url, Fy_a, Fy_x, Fy_Cs(), Fy_Cl, Fy_Ts, Fy_Zx
' Fy_Cl selects the branch taken by the Select Case below
Fy_Cl = 1
Fy_Zx = "index.Asp"
On Error Resume Next
' Raw (undecoded) query string, split into name=value pairs
Fy_Url = Request.ServerVariables("QUERY_STRING")
Fy_a = split(Fy_Url, "&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
' Collect the parameter names: everything left of the first "="
for Fy_x = 0 to ubound(Fy_a)
    Fy_Cs(Fy_x) = left(Fy_a(Fy_x), instr(Fy_a(Fy_x), "=") - 1)
Next
' Look up each value by its raw name and check it for a single quote or a blocked keyword
For Fy_x = 0 to ubound(Fy_Cs)
    If Fy_Cs(Fy_x) <> "" Then
        If Instr(LCase(Request(Fy_Cs(Fy_x))), "'") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "and") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "select") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "update") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "chr") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "delete%20from") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), ";") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "insert") <> 0 _
            or Instr(LCase(Request(Fy_Cs(Fy_x))), "mid") <> 0 _
            Or Instr(LCase(Request(Fy_Cs(Fy_x))), "master.") <> 0 Then
            Select Case Fy_Cl