K8-ASPÉøÍ¸»·¾³(ÕûÐÍ¡¢×Ö·ûÐÍ¡¢ËÑË÷ÐÍ)ÊÖ¹¤SQL×¢ÈëÁ·Ï°»·¾³

admin ·¢±íÓÚ 2013-2-19 09:27:20

×î½ü¿ªÊ¼¶¯ÊÖÐ´¸ö¹¤¾ß K8-Inject-SystemÎªÁË·½±ã²âÊÔ ¹Ê°Ñ¡¶K8ÐÅÏ¢°²È«¹¤¾ß°ü¡·ÀïµÄASPÂÛÌ³
¸ÄÁËÏÂ Ôö¼ÓÁË×Ö·ûÐÍºÍËÑË÷ÐÍ ÔÏÈÄÇ¸öÖ»ÄÜÓÃÀ´Ñ§Ï°ÕûÐÍ×¢Èë ÏÖÔÚÔö¼ÓÁË2¸ö ·½±ãÎÒÐ´×¢Èë¹¤¾ß
cookies×¢Èë»·¾³ µÈÎÒÓÐ¿ÕÔÙ¼ÓÉÏ ÏÖÔÚÏÈ¸øK8-Inject-System Ð´ÒÔÉÏµÄ×¢ÈëÏÈ
Èç¹ûÄãÏëÁ·Ï°ÊÖ¹¤×¢Èë ¿ÉÒÔÊ¹ÓÃ¡¶K8ÐÅÏ¢°²È«¹¤¾ß°ü¡·--ÉøÍ¸²âÊÔ--SQL×¢ÈëÓï¾ä--À´²âÊÔ

ÕûÐÍ http://localhost/show.asp?id=2
×Ö·ûÐÍ http://localhost/show3.asp?id=k8
ËÑË÷ÐÍ http://localhost/show3.asp?id=k8
---------------------------------------------------------------------------
Êý¾ÝÐÍ:and 1=1    Õý³£                      and 1=2    ´íÎó

×Ö·ûÐÍ:'and'1='1Õý³£                   'and '1'='2 ´íÎó
      ' and 1=1 and ''='                   ' and 1=2 and ''='
ËÑË÷ÐÍ: %' and 1=1 and '%'='                %' and 1=2 and '%'='

ÏÂÔØµØÖ·£º
http://www.rayfile.com/files/65abfdc7-85dd-11e1-b93e-0015c55db73d/

Ì¹È» ·¢±íÓÚ 2013-8-20 20:54:49

Ð´ÒÔÉÏµÄ×¢ÈëÏÈ

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

K8-ASPÉøÍ¸»·¾³(ÕûÐÍ¡¢×Ö·ûÐÍ¡¢ËÑË÷ÐÍ)ÊÖ¹¤SQL×¢ÈëÁ·Ï°»·¾³