Unexpected injection points

The general injection point is http://www.xxxxx.net/list/asp? Id = Num, but with the proliferation of injection technology, a bit of security awareness People Are filtering out obvious injection points, not to mention hacking sites. Remember 77169. In the animation tutorial seems to have a lecture is injected with the Chaoyang network, even remember as is download page, injection page is similar to such a http://www.xxxxx.net/list/asp? Id = Num & ppath = undefined. To verify that I tried it, my test page is http://www.cycycy.net/list.asp? Id = 2026 & ppath = undefined. A "'" is added after the download page.
It seems that I have already filtered out. It is not my style to give up. I accidentally saw the words "click to download. Well, let's see what its address looks like. Maybe this is a breakthrough. There are two methods to know the address. One is to look at the source file, which is more convenient. It is OK to know a little HTML language.
Another method is to use download tools such as FlashGet. Note that the FTP address is displayed in the "url" column of FlashGet, and the actual redirection page is in "Reference. Is the address displayed http://www.cycycy.net/down.asp? Downid = 1 & id = 2012.
Let's see if there is any injection vulnerability. Add a single quotation mark to return the error message.
After adding the plus sign, a download prompt is displayed. The situations returned by adding "and 1 = 1" and "and 1 = 2" are similar. The injection vulnerability can be confirmed. Although there is a vulnerability, If we inject it manually, it will still return to the normal page (that is, the download prompt). Isn't it very troublesome? For example, this dish is easy to use. Of course, the injection was carried out with Xiaozhu's nbsi2. I tried it. If I directly add the injection page, the website will show "No injection vulnerability detected ".
Therefore, the most important step we need to do is to add an "id" (case sensitive) to the "feature character" of nbsi2. then the character box becomes writable, and then press "re-detect ", note that feature characters must be added only once detected. At this time, NBSI showed the ASC half-fold analysis, and then an exciting scene emerged.
Will all of the following operations be performed? Even though it is hard to imagine that a large website uses an Access database, it is hard to imagine that a large website has been published with vulnerabilities and vulnerabilities; the Administrator's mailbox cannot be found for a very large website, which is hard to imagine ......