ASP, Request object and SQL Injection

Source: Internet
Author: User

Request object Discussion

Request is a built-in object in ASP. It is used to obtain any information transmitted in an HTTP request (header information, form data, cookies, and so on), which makes it the most commonly used built-in object in ASP. It is most often used to obtain data submitted by the GET method (Request.QueryString), data submitted by form POST (Request.Form), and cookies (Request.Cookies).

The Request object can be used to obtain data submitted by a specific method. For example, Request.Form("lake2") obtains the value of lake2 submitted through POST, while Request.QueryString("CSDN") obtains the value of CSDN submitted through GET.

For retrieving HTTP data, ASP also provides a simpler method: Request(key), that is, using Request directly without specifying a collection. In this case, ASP looks for a match in QueryString, Form, Cookies, ServerVariables, ClientCertificate, and Browser, in that order, and returns the data as soon as it is found.

Of the preceding six collections, the contents of ServerVariables, ClientCertificate, and Browser are fixed, while the contents of QueryString, Form, and Cookies can be set at will. I don't think Cookies can be used to transmit any data. I didn't pay attention to them before.

OK, test first. Create the file test.asp in the local web directory with the following content: <%= Request("B") %>

Step 1: directly access http://127.0.0.1/test.asp?B=la<B>k</B>e2; the browser displays lake2.

Step 2: Construct a form and submit it; the result is the same as in step 1.

Step 3: Construct a form that passes B as "He" through GET and B as "She" through POST; the browser displays "He". Haha, so there is a priority: the collection that comes earlier in the order wins.

Step 4: Telnet to local port 80 and construct the following HTTP request (pay attention to the Cookie header):

GET /test.asp HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TencentTraveler; .NET CLR 1.1.4322)
Host: 127.0.0.1
Connection: Keep-Alive
Cookie: B=lake2, Success!

After a bunch of server response data, we can see "lake2, Success!" (Q: Why is the space gone? A: Because the submitted space was not URL-encoded).

At this point, we have already combined theory with practice to prove that Cookies can be used to transmit data.

Request object and SQL Injection

Now let's turn to SQL Injection.

SQL injection is an attack that harms the server because the web application does not filter harmful data submitted by users. Note that the attack depends on submitted data, which naturally ties it to the Request object.

In the final analysis, SQL injection in ASP exists because request parameters are not filtered, or are not filtered strictly enough. Of course, programmers are not security experts and may not know how to filter.

As a result, a general-purpose anti-injection ASP program circulates on the network: the "SQL universal anti-injection system". After a period of improvement by several authors, the program is relatively complete and can basically intercept SQL injection (however, I personally think that its filtering method is too strict, resulting in a lot of inconvenience). The "SQL universal anti-injection system" is a single ASP file; you only need to include it in the file that receives the parameters. Its filtering principle is to traverse the values of the GET and POST parameters and, if it finds SQL injection keywords (such as and, select), stop normal execution of the file.

Hey, it traverses GET and POST, that is, the QueryString and Form collections of the Request object, and ignores Cookies.

Now, let's assume that there is an ASP program full of SQL injection holes. An administrator with some network security knowledge downloads the legendary "SQL universal anti-injection system" from the Internet and uses it, but unfortunately the ASP program obtains all of its parameters with Request(key)... (Haha, watching the defenses fall one by one is great fun ^_^)
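The precedence test from steps 1 to 4 and the filter gap described above, modelled as an added example (not code from the article or from the anti-injection script). The keyword list, function names and sample requests are constructed, and only the three user-controllable collections are modelled.

```python
# Added illustration, not code from the article or from the anti-injection script.
# The keyword list, function names and sample requests are constructed.
import re

# User-controllable collections, in the order the article gives for Request(key).
LOOKUP_ORDER = ("QueryString", "Form", "Cookies")
GET_POST = ("QueryString", "Form")   # what the described filter traverses

# Stand-in keyword list; the article names "and" and "select" as examples.
KEYWORDS = re.compile(r"\b(and|select)\b", re.IGNORECASE)


def request(req, key):
    """Model of Request(key): the first collection that holds the key wins."""
    for name in LOOKUP_ORDER:
        if key in req.get(name, {}):
            return req[name][key]
    return None


def blocked(req, scanned):
    """True if any value in the scanned collections contains a keyword."""
    return any(
        KEYWORDS.search(value) is not None
        for name in scanned
        for value in req.get(name, {}).values()
    )


def handle(req, key, scanned):
    """Return 'BLOCKED', or the value the page would go on to use."""
    return "BLOCKED" if blocked(req, scanned) else request(req, key)


# Constructed requests.
both = {"QueryString": {"B": "He"}, "Form": {"B": "She"}}   # step 3
via_get = {"QueryString": {"id": "1 and 1=1"}}
via_cookie = {"Cookies": {"id": "1 and 1=1"}}

if __name__ == "__main__":
    print(request(both, "B"))                       # He
    print(handle(via_get, "id", GET_POST))          # BLOCKED
    print(handle(via_cookie, "id", GET_POST))       # 1 and 1=1 (filter never saw it)
    print(handle(via_cookie, "id", LOOKUP_ORDER))   # BLOCKED
```

The mismatch closes from either side: have the filter cover every collection the page can read from, or have the page read from an explicit collection such as Request.QueryString or Request.Form instead of Request(key).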

This is just an assumption. It is not clear how many ASP programmers actually like to use Request(key) to obtain data.
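For your own code base the question can be answered by auditing the source. The following added example (not from the original article) lists every collection-less Request(...) read inside the <% %> blocks of an ASP file; the function names and the sample page are constructed, and Rem comments and multi-line statements are not handled.

```python
# Added illustration: find bare Request(key) reads in Classic ASP source.
# Function names and the sample page are constructed for this example.
import re

SCRIPT_BLOCK = re.compile(r"<%(.*?)%>", re.DOTALL)
# "Request(" with no collection named; VBScript identifiers are case-insensitive.
BARE_READ = re.compile(r"(?<![\w.])Request\s*\(\s*([^)]*)\)", re.IGNORECASE)


def strip_comment(line):
    """Drop a trailing VBScript ' comment, ignoring apostrophes inside strings."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def find_bare_reads(source):
    """Return (line_number, argument) for each collection-less Request(...) read."""
    hits = []
    for block in SCRIPT_BLOCK.finditer(source):
        first_line = source.count("\n", 0, block.start(1)) + 1
        for offset, line in enumerate(block.group(1).split("\n")):
            for m in BARE_READ.finditer(strip_comment(line)):
                hits.append((first_line + offset, m.group(1).strip()))
    return hits


# Constructed sample page.
SAMPLE = '''<html><body>
<p>Don't worry: <%= Request("B") %></p>
<%
id = Request.QueryString("id")      ' explicit collection: not reported
name = request ( "name" )           ' bare read, any collection can supply it
' old = Request("old")  commented out: not reported
agent = Request.ServerVariables("HTTP_USER_AGENT")
key = Request(k)
%>
</body></html>'''

if __name__ == "__main__":
    for lineno, arg in find_bare_reads(SAMPLE):
        print(f"line {lineno}: Request({arg}) does not name a collection")
```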
