Experience with intrusion asp.net Web sites with code _ security Tutorials

1,
For Web sites that you typically encounter. Net
Usually registers a user
The first choice uses the flaw which uploads the judgment to add the picture head gif89a smoothly spared

2,
The second is to inject, after the id=xx, add a single quote "'"
In general, you can find the bug page with Nbsi D to scan.
And most of the domestic. NET uses the MSSQL database
The discovery of the injection point can also be done from login. In fact, this method currently has a success rate of 75%


3,
But the search-type, and no error message back to the time when it was stuck here
You can take a look at a search-type injected article on the Web. Lucky, database and Web together
Write backup LOG statements directly in search if the input box limit character can be local to do a post form
You can also use Wsockexpert to grasp the value of the search.aspx after the analysis of the injected statement
It's better to get the path. As long as Web.config
The code is as follows:

<!--web.config configuration file-->

<configuration>
<system.web>
<customerrors mode= "on"/> ' here is off and fails.
</system.web>
</configuration>

Then you just need to have any file name before
If allyesno.aspx change to ~allyesno.aspx to get the Web absolute path smoothly


4,
Good luck, found landing backstage:
For example: http://allyesno.cnblogs.com/admin/login.aspx
If you enter a password error return to http://allyesno.cnblogs.com/admin/error.aspx
If you enter http://allyesno.cnblogs.com/admin%5Cindex.aspx, you might be able to bypass validation.


5,
Background Rao Method:
' or ' = '
' or ' = '
Or
' or ' = ' or '
' or ' = ' or '