摘要: A customer asked that we check out his intranet site, which was used by the company's employees and customers. This was part of a larger security review, and though we'd not actually used SQL injection to penetrate a network before, we were pretty familiar with the general concepts. We were 阅读全文
posted @ 2012-11-19 12:16 Qiengo 阅读(347) 评论(1) 推荐(1) 编辑
摘要: Reprinted From:http://www.cnblogs.com/heyuquan/archive/2012/10/31/2748577.html拼接字符串的注入及参数化查询.下面的程序方案是采用 ASP.NET + MSSQL,其他技术在设置上会有少许不同。示例程序下载:SQL注入攻防入门详解_示例什么是SQL注入(SQL Injection)所谓SQL注入式攻击,就是攻击者把SQL命令插入到Web表单的输入域或页面请求的查询字符串,欺骗服务器执行恶意的SQL命令。在某些表单中,用户输入的内容直接用来构造(或者影响)动态SQL命令,或作为存储过程的输入参数,这类表单特别容易受到SQ 阅读全文
posted @ 2012-11-19 12:04 Qiengo 阅读(242) 评论(0) 推荐(0) 编辑