SQL injection is accessed from the normal WWW port, and the surface seems to be no different from the general Web page access, so the current firewall in the market does not alert SQL injection, if the administrator does not view the IIS log habits, may be invaded for a long time will not be detected.
With the development of B/s pattern application development, more and more programmers use this model to write applications. However, due to the lack of entry threshold in this industry, the level and experience of programmers is also uneven, a large part of the programmer in writing code, the user does not judge the legality of input data, so that the application has a security risk. The user can submit a database query code, according to the results returned by the program, to obtain some of the data he wants to know, this is called SQL injection, that is, SQL injection.
SQL injection is accessed from the normal WWW port, and the surface seems to be no different from the general Web page access, so the current firewall in the market does not alert SQL injection, if the administrator does not view the IIS log habits, may be invaded for a long time will not be detected.
However, the approach of SQL injection is quite flexible, and there are many unexpected situations when injected. Can analyze according to the specific situation, constructs the ingenious SQL statement, thus obtains the desired data successfully, is the master and "rookie" the fundamental difference.
full access to SQL Injection Vulnerability-Introductory article
SQL injection is accessed from the normal WWW port, and the surface seems to be no different from the general Web page access, so the current firewall in the market does not alert SQL injection, if the administrator does not view the IIS log habits, may be invaded for a long time will not be detected.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449834.aspx
SQL Injection Vulnerability full contact--Advanced article
SQL injection of the general steps, first of all, to determine the environment, find injection points, determine the database type, and secondly, according to the type of injection parameters, in the mind to reconstruct the original SQL statement.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449870.aspx
SQL Injection Vulnerability full contact-Advanced article
After reading the introductory and advanced articles, a little practice, crack the general website is no problem. But how can you increase the success rate of injection if you don't guess the name of the list, or if the program author filters some special characters? How to improve the efficiency of the guessing solution?
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449883.aspx
SQL injection method Attack Day pass
The simple principle of SQL injection and the general steps of the attack, the author wants to let people learn SQL injection attack one day.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449901.aspx
advanced SQL injection in SQL Server applications
This document is a detailed discussion of SQL injection technology, which adapts to the more popular Iis+asp+sqlserver platform. It discusses which SQL statements can be injected into the application in a variety of ways, and records data validation and database locking associated with the attack.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449913.aspx
write a generic ASP anti-SQL injection attack program
If you write generic SQL anti-injection program general HTTP request is just get and post, so as long as we filter all the post or GET request in the file of the parameter information in the illegal characters can, so we implement the HTTP request information filtering can be judged whether it is a SQL injection attack.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449925.aspx
Use the InStr () function to prevent SQL injection attacks
Learning ASP also has a period of time, these days have been writing their own procedures, also encountered a lot of problems, I have to consider some of the current loopholes, such as, ' OR and 1=1 and so on some loopholes! I'll tell you how to block the loophole today. Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449932.aspx
the principle of SQL injection attack and its preventive measures
ASP programming threshold is very low, novice easily on the road. In a short period of time, the novice is often able to make up a seemingly perfect dynamic site, in the function, the veteran can do, the novice can do.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449940.aspx
cross-site SQL injection Tips
Learn how to get what you want from a database.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449948.aspx
Prevent SQL injection attacks
SQL injection attacks are the main reason why SQL injection attacks are successful when you use a design vulnerability to run SQL commands on the target server and to perform other forms of attack dynamically generating SQL commands without validating the data entered by the user.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449951.aspx
prevention of SQL injection attack in Dreamweaver
In terms of security, the most overlooked issue for novices is the SQL injection vulnerability. Using NBSI 2.0 to scan some ASP websites online, we can find that many ASP websites have SQL injection vulnerabilities. Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449953.aspx
PHP and SQL injection attacks
SQL injection attacks are the most common means by which hackers attack websites. If your site does not use strict user input validation, it is often vulnerable to SQL injection attacks. SQL injection attacks are typically implemented by submitting bad data or query statements to the site database, which is likely to expose, change, or delete records in the database. Let's talk about how SQL injection attacks are implemented and how to prevent them.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449956.aspx
SQL injection attack 0 distance
Time and time of the SQL injection intrusion, time and again the site is black, always that sentence, loopholes are unavoidable, there is no way to do it? This article is for everyone to analyze the principle of SQL injection, and give some prevention methods.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449959.aspx
SQL injection technology and detection of cross-site scripting attacks
In the last two years, security experts should pay more attention to the attack of the network application layer. Because no matter how strong the firewall rules or the patching mechanism, if your Web application developer does not follow the security code for development, the attacker will enter your system via port 80.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449961.aspx
Rookie Entry level: SQL injection Attack
General domestic small point of the news site program has "" &request this vulnerability, below I explain the attack method.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449963.aspx
three-step blocking SQL Injection Vulnerability
Defensive SQL injection has a magic bullet, the first step: many novice download SQL Universal Anti-injection System program, in the need to prevent the injection of the page head to protect others from manual injection testing.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449965.aspx
SQL injection---use "dbo" for SQL administrative and system permissions
If a syntax error occurs when the "dbo" conversion column with the data type int is displayed then you can use the method I described below to get system administrative permissions, if the "ABC" translates a column with the data type int is a syntax error then you can not use my following description to obtain system permissions.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449967.aspx
two anti-SQL injection filter Codes
A simple method of SQL injection protection that embeds filter code in a Web page, based on perceived security measures.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449969.aspx
Lan Yu Design an entire station SQL injection Vulnerability
The following article will appear in the Nowa to modify the system vulnerability has never been a SQL injection vulnerability! Only blame the blue rain to modify the program when the problem is not well injected! This is not my fault! Who's going to call a programmer who won't pay attention to a safe corner?
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449972.aspx
SQL injection penetrates a network security company's website throughout the process
Writing this article is not to tell you how to do the invasion, but to remind everyone: "Invasion is accidental, but security is not necessarily", do not neglect some small details of the operation.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449973.aspx
SQL Injection Defense
SQL injection modifies the site database through a Web page. It can add users with administrator privileges directly to the database, resulting in system administrator privileges. Hackers can take advantage of the administrator access to any of the files on the site or on the Web page with a Trojan horse and a variety of malicious programs, the site and access to the site's users have brought great harm. Details >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449976.aspx
Ultimate Defense against SQL injection Vulnerabilities
In fact, SQL injection vulnerability is not scary, know the principle + patience carefully, you can completely prevent! Here are 4 functions, enough to withstand all SQL injection vulnerabilities! Read the code and you can digest it. Details >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449979.aspx
SQL injection and ASP Trojan upload
After SQL injection, how to upload Trojans, has always been a headache, I am here to provide an alternative way to upload a trojan.
1, SQL injection, with xp_cmdshell to the server to write an ASP file to write files.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449983.aspx
How to protect a database when SQL injection
SQL injection is an effective strategy to prevent database attacks. An attacker would inject an SQL statement into another statement, which would normally corrupt your database. Web sites with database interfaces are often vulnerable to SQL injection because they are based on dynamic SQL.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449986.aspx
Morning design Full station SQL injection Vulnerability
From the perspective of a security worker, the author makes detailed tests of the early morning design of an entire station SQL injection vulnerability.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449988.aspx
talking about SQL injection type (SQL injection) attack and prevention
No systematic study of ASP or PHP programming, there is no system to learn access, SQL Server, MySQL and other databases, so I am not a programmer, although often do something similar to programmers.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449991.aspx
use VBS to write 80-port attack scripts such as SQL injection
I accidentally opened a VBS script when I flipped over the machine last night, and suddenly found an object Test.sendrequest ("http//" & G_sserver & "/testfiles/browser.asp") that I had not seen before. Although the object has not been seen, the meaning is obvious: send an HTTP request.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449992.aspx
C # Check string, anti-SQL injection attack
These days, the CSDN discussion of SQL injection attacks seems to be in full swing ... I come to join in the same. As the following, the Checkparams function, receive parameters arbitrary, such as a string in the argument, the string is checked, such as a collection of parameters (such as array, in short, the implementation of ICollection), the collection of string elements are checked.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449994.aspx
about SQL injection 80004005 and other error message parsing
This article details some of the common causes of Microsoft data Access Component (MDAC) to receive 0x800040005 errors, including ActiveX data Objects, OLE DB, and Remote Data Services (RDS). This article also discusses some other error messages, including 80040E21, 80040e14, and 80040e10.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3449996.aspx
SQL injection Intrusion Network SQL Edition Forum
Now the latest version of the motion network is 7.0+SP2. It should be said that security is already very high. So the problem from the script itself to break through it is not very difficult. But we can indirectly "fix" the network from some external means. Now the combination of iis+asp+sql2000 is more common. and a Web site using a large number of ASP script programs, it is inevitable that there is no mistake. If there is a SQL injection point on a host, and this host is installed with the mobile network SQL version, it is basically possible to conclude that the mobile network is yours. Let's take a look at the example below. Detailed Content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3450001.aspx
Use SQL to inject 2 minutes of intrusion site full record
Talk about streamer, snow, disorderly DAO, can be said to be the famous nobody knows no one, these are small Banyan brother works. Every time I mention small Banyan brother come, my worship admire like surging river, continuous ~ ~ ~ ~ ~ ~! Let us worship the little Banyan brother recently released the SQL Injection tool, this time like the use of SQL injection to invade the site of black friends blessed. Little Banyan's tools are strong! I use it to take care of our local port, from the search for injection into the attack success, through accurate timing, a total of only 3 points for 40 seconds, oh, king demeanor, is strong Ah! Don't you believe me? Take a look at my invasion process.
Detailed content >>
Http://blog.csdn.net/wufeng4552/archive/2008/12/05/3450005.aspx
SQL injection Topics--Finishing posts