SQL injection-full touch of ASP Injection Vulnerability

Introduction
With the development of B/s pattern application development, more and more programmers use this pattern to write applications. But because the entry threshold of the industry is not high, the level of programmers and experience is uneven, a large number of programmers in the code, not the user input data to judge the legality, so that the application has security problems. Users can submit a database query code, based on the results returned by the program to obtain some of the data he wants to know, this is called the SQL injection, that is, SQL injection.
SQL injection is accessed from the normal WWW port, and the surface looks no different from the general Web page access, so the current firewall does not alarm SQL injection, if the administrator does not see the IIS log habits, may be invaded for a long time will not find.
However, SQL injection is quite flexible and can be a lot of surprises when injected. Can be based on the specific situation analysis, the construction of clever SQL statements, so that the successful acquisition of data, is the master and "rookie" the fundamental difference.
According to national conditions, the domestic web site with asp+access or SQL Server accounted for more than 70%, php+mysq accounted for l20%, the other less than 10%. In this article, we from the introduction, advanced to high-level explanation of ASP injection methods and skills, PHP injection of the article by the NB Alliance, another friend Zwell writing, hope for security workers and programmers are useful. Understand the ASP injection of friends also please do not skip the introductory article, because some people to inject the basic method of judgment there are still misunderstanding. Are you ready, everyone? Let ' s go ...
Introductory articles
If you have not tried SQL injection before, then the first step is to remove the check in front of the => tool =>internet option => advanced => display friendly HTTP error message. Otherwise, no matter what error the server returns, IE only displays as an HTTP 500 server error and cannot get more information.
The first section, the principle of SQL injection
The following we start from a website (note: This article was published prior to the station webmaster consent, most of the real data).
On the homepage of the website, it is known as "IE can not open a new window of a variety of solutions" link, Address:/showdetail.asp?id=49, we add single quotes after this address, the server will return the following error message:
Microsoft JET Database Engine error ' 80040e14 '
The syntax error of the string is in the query expression ' id=49 '.
/showdetail.asp, line 8
From this error we can see the following points:
1. The Web site uses an Access database that connects to the database through the jet engine, rather than through ODBC.
2. The procedure does not determine whether the data submitted by the client meets the procedural requirements.
3. The SQL statement queries the table for a field that is an ID.
From the example above, we can see that the principle of SQL injection is to submit special code from the client to collect the information of the program and server, so as to obtain the information you think of.