Request
Discussion of Request object
Request is a built-in ASP object used to obtain any information passed in an HTTP request (such as header information, form data, cookies, and so on). It is therefore the most commonly used built-in object in ASP, typically used to obtain data submitted by the GET method (Request.QueryString), data submitted by a form POST (Request.Form), and cookies (Request.Cookies).
We can use the Request object to obtain data submitted in a particular way. For example, Request.Form("Lake2") gets the value of the data Lake2 submitted by POST, and Request.QueryString("CSDN") gets the value of CSDN submitted by the GET method.
ASP also gives us a simpler way to get HTTP data: Request(key), which uses Request directly without specifying the collection. In that case ASP checks QueryString, Form, Cookies, ServerVariables, ClientCertificate and Browser in turn for matching data, and returns the data if it is found.
Of the 6 collections above, the variables of ServerVariables, ClientCertificate and Browser are fixed, while those of QueryString, Form and Cookies can be specified arbitrarily. It is not surprising that cookies can be used to pass arbitrary data.
OK, test first. Create a new test.asp file in the local Web directory, which reads: <%=Request("b")%>
Step 1: Directly access http://127.0.0.1/test.asp?b=lake2; the browser displays lake2.
Step 2: Construct a form and submit it; the result is the same as in step 1.
Step 3: Construct a form in which GET passes the b value "he" while POST passes "She"; the browser displays "he". So the collections have a priority, following the order listed earlier.
Step 4: Telnet to port 80 on the local machine and construct the following HTTP request (note the Cookie header):
GET /test.asp HTTP/1.1
Accept: */*
Accept-Language: zh-cn
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; TencentTraveler; .NET CLR 1.1.4322)
Host: 127.0.0.1
Connection: keep-alive
Cookie: b=lake2, Success!
After a bunch of response data from the server, we see "lake2,success!". (Q: Why is the space missing? A: The submitted space was not URL-encoded.)
So we have both theoretical and practical evidence that cookies can be used to pass data.
Request object with SQL injection
Now let's turn to the main topic and talk about SQL injection.
SQL injection is an attack technique that leads to the server being compromised because the Web application does not filter harmful data submitted by the user. Note that this involves submitted data, so it naturally has a lot to do with the Request object just discussed.
In the final analysis, SQL injection under ASP arises because request parameters are not filtered, or are filtered too loosely. Of course, programmers are not security experts, and they may not know how to filter.
Therefore, a generic anti-injection ASP program appeared on the network: the "SQL Universal Anti-injection System". After a period of time and improvements by several authors, the program has become fairly complete and can basically intercept SQL injection (though I personally think its filtering is too strict, which causes a lot of inconvenience). The "SQL Universal Anti-injection System" is an ASP file that only needs to be included in the files that accept submitted parameters. Its filtering principle is to traverse the values of the GET and POST parameters and, on finding an SQL injection keyword (such as and, select), stop normal execution of the file.
Notice that it traverses GET and POST, that is, the QueryString and Form collections of the Request object, and ignores Cookies.
Now suppose there is an ASP program riddled with SQL injection holes. Its administrator, who has some network security knowledge, downloads the legendary "SQL Universal Anti-injection System" from the Internet and uses it. Unfortunately, the ASP program obtains all of its parameters with Request(key) ... (Watching a blockade get broken is a very enjoyable thing ^_^)
This is only a hypothetical; how many ASP programmers actually like to use Request(key) to obtain data is unknown.
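The lookup order from the test steps and the filter gap described above can be modelled together, so a filter's coverage can be checked against the collection a value actually came from. This is an added example in Python, not code from the original article or from the "SQL Universal Anti-injection System"; the Request class, flagged() and audit() are hypothetical names, the sample values are constructed, and only the three client-controlled collections are modelled.

```python
import re

# Client-controlled collections, in the order the article gives for Request(key).
LOOKUP_ORDER = ("QueryString", "Form", "Cookies")
# Keywords the article names as examples of what the filter looks for.
KEYWORDS = re.compile(r"\b(and|select)\b", re.IGNORECASE)


class Request:
    """Toy model of the ASP Request object (hypothetical, for illustration)."""

    def __init__(self, query=None, form=None, cookies=None):
        sources = zip(LOOKUP_ORDER, (query, form, cookies))
        # ASP keys are case-insensitive, so store them in lower case.
        self.collections = {
            name: {k.lower(): v for k, v in (data or {}).items()}
            for name, data in sources
        }

    def __call__(self, key):
        """Request(key): return (collection, value) for the first match."""
        for name in LOOKUP_ORDER:
            if key.lower() in self.collections[name]:
                return name, self.collections[name][key.lower()]
        return None, ""


def flagged(request, inspected):
    """List (collection, key) pairs whose value contains a filtered keyword."""
    return [(name, key)
            for name in inspected
            for key, value in request.collections[name].items()
            if KEYWORDS.search(value)]


def audit(request, key, inspected):
    """Show where Request(key) resolved and whether the filter covered it."""
    source, value = request(key)
    return {"source": source, "value": value,
            "covered": source in inspected,
            "blocked": bool(flagged(request, inspected))}


if __name__ == "__main__":
    # Constructed sample: the only value for "b" arrives in the Cookie header.
    req = Request(cookies={"b": "lake2 select"})
    print(audit(req, "b", ("QueryString", "Form")))  # filter as described
    print(audit(req, "b", LOOKUP_ORDER))             # filter covering Cookies too
```

A result with "covered" set to False means the page read a value from a collection the filter never inspected, which is the condition to look for when reviewing pages that call Request(key).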