Here is a simple piece of code that changes a user's password:
--------------
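username = request("user_name")
pwd = request("pwd")
' Double every single quote in the submitted values
username = replace(username, "'", "''")
pwd = replace(pwd, "'", "''")
' The statement is still assembled by string concatenation
sql = "update tbl_test set pwd='" & pwd & "' where uid='" & username & "'"
set rs = conn.execute(sql)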
--------------
Now suppose I register a user whose user name is: aa'; exec sp_addlogin 'haha
What happens when this user changes his password (say, to pp)?
The sql string becomes: update tbl_test set pwd='pp' where uid='aa'; exec sp_addlogin 'haha'
The result is that no password is modified, because there is no user named aa,
but a login is created in your database, and the new login is named haha.
By modifying the user name slightly, you can in fact run any SQL statement or any SQL system stored procedure.
And all of this happens without you knowing it. The above is just one
demonstration: with a slightly modified user name, we can add a DBA account, delete
records, read user passwords and perform other unauthorized operations.
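
A hardened form of the password-change code above, as an added example that is not part of the original article: the statement goes through an ADODB.Command with positional parameters, so the user name and password travel as data and never become statement text. The function name ChangePassword, the 50-character column width and the already-open conn object are assumptions.

```vbscript
<%
' Added example (not from the original article).
' Assumptions: conn is an open ADODB.Connection to the same database,
' and tbl_test.pwd / tbl_test.uid are varchar(50) columns.
Const adCmdText = 1            ' CommandTypeEnum
Const adVarChar = 200          ' DataTypeEnum
Const adParamInput = 1         ' ParameterDirectionEnum
Const adExecuteNoRecords = 128 ' ExecuteOptionEnum
Const MAX_LEN = 50             ' assumed column width

' Hypothetical helper: returns True only if exactly one row was updated.
Function ChangePassword(conn, username, pwd)
    Dim cmd, affected
    ChangePassword = False

    ' Reject empty values and values that would not fit the column,
    ' instead of letting ADO raise an error on Append.
    If Len(username) = 0 Or Len(username) > MAX_LEN Then Exit Function
    If Len(pwd) = 0 Or Len(pwd) > MAX_LEN Then Exit Function

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText

    ' The statement text is a constant. Each ? is bound to one parameter,
    ' in order, so quotes and semicolons inside the values stay inside
    ' the values.
    cmd.CommandText = "UPDATE tbl_test SET pwd = ? WHERE uid = ?"
    cmd.Parameters.Append cmd.CreateParameter("pwd", adVarChar, adParamInput, MAX_LEN, pwd)
    cmd.Parameters.Append cmd.CreateParameter("uid", adVarChar, adParamInput, MAX_LEN, username)

    cmd.Execute affected, , adExecuteNoRecords

    ' A user name such as the one in the demonstration is now compared
    ' against uid as one literal string: either it matches a stored row
    ' exactly, or zero rows are updated. No second statement can run.
    ChangePassword = (affected = 1)
    Set cmd = Nothing
End Function

Dim ok
ok = ChangePassword(conn, Request("user_name"), Request("pwd"))
If Not ok Then Response.Write "Password was not changed."
%>
```

Running the page's connection under a database account that has rights only on tbl_test limits what any statement can do, including one that should never have been built.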