Security experts: URL vulnerabilities cannot be ignored

Source: Internet
Author: User

Some time ago, the public security department cracked a case where a program of a network company was stolen and analyzed that the main problem was the URL Vulnerability.

Test whether the program has a URL Vulnerability. The simplest method is to add a ', such as show. asp, to Request. QueryString? Id = 1, changed to show. asp? Id = 1'. Open "show friendly HTTP Error message" in the IE advanced option to see if there are unclosed quotation marks before "string "?

If the database is SQLSERVER, run the following command in the query Analyzer: exec master. dbo. xp_mongoshell dir c:

Hackers can use exec master. dbo. xp_mongoshell does everything, so it is easy to use this command to create the user exec master in your system. dbo. xp_mongoshell 'net user cc/add'; exec master. dbo. xp_mongoshell 'net localhost administrators cc/add' will be unknown in the future.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.