Common "Universal login password": 'or ''='' or 1 = 1; -- 1 or 1 = 1 "or" "=" vulnerability description:
In login. asp, the userid and password data entered by the user are received, assigned to the user and PWD respectively, and then reused.
SQL = " Select * From Admin Where Username = " & User & " And Password = " & PWD & ""
To verify the user name and password.
This is complete if you consider it with common sense.Program. In actual use, the entire program may be used normally.
However, if the userid value and password value are assigned to: safer 'or '1' = '1,
SQL = " Select * From Admin Where Username = " & User & " And Password = " & PWD & "" It becomes:
SQL = " Select * From Reg Where User = ' Safer ' Or ' 1 ' = ' 1 ' And Pass = ' Safer ' Or ' 1 ' = ' 1 ' "
Now, let's take a look at how to solve this problem. As you can see from the above program, you only need to strictly filter the user input data. For details, refer to the following program:< %
User = Request. From ( " Userid " )
Pass = Request. From ( " Password " )
For I = 1 To Len (Userid)
Cl = Mid (Userid, I, 1 )
If Cl = "" Or Us = " % " Or Us = " <〈 " Or Us = " > 〉 " Then
Response. Redirect " Fuck you! "
Response. End
End If
Next
% >
Similarly, the user input data is obtained first, and each character entered by the user is analyzed. if an exception is found, the error page is displayed.
If Cl = "" or US = "%" or US = "<" or US = ">" then "can contain any filter character, depends on the specific situation. Vulnerability repair:
Username = Replace ( Trim ( Request ( "Username" )), "& Rsquo ;" , "" )
Password = Replace ( Trim ( Request ( "Password" )), "& Rsquo ;" , "" )
Filtered "'"
If you want to use "'" as the password, use the following method:
1. Select * from user where user = '"& user &"'"
2. If the returned result is not false, the password is used.
Pass = RS ("passwd ")
3. Judgment: If pass = Password
4. Draw conclusions.