{"id":195,"date":"2008-12-04T08:46:22","date_gmt":"2008-12-04T00:46:22","guid":{"rendered":""},"modified":"2014-02-27T22:59:41","modified_gmt":"2014-02-27T14:59:41","slug":"asp%e5%88%9d%e5%ad%a6%e8%80%85%e5%b8%b8%e7%8a%af%e7%9a%84%e5%87%a0%e4%b8%aa%e9%94%99%e8%af%af","status":"publish","type":"post","link":"http:\/\/www.xiaoyebailong.com\/index.php\/2008\/12\/04\/195.htm","title":{"rendered":"ASP\u521d\u5b66\u8005\u5e38\u72af\u7684\u51e0\u4e2a\u9519\u8bef"},"content":{"rendered":"<p><strong>1.\u8bb0\u5f55\u96c6\u5173\u95ed\u4e4b\u524d\u518d\u6b21\u6253\u5f00:<br \/>\n<\/strong>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;<br \/>\nsql=&quot;select * from test&quot;<br \/>\nrs.open sql,conn,1,1<br \/>\nif not rs.eof then<br \/>\ndim myName<br \/>\nmyName=rs(&quot;name&quot;)<br \/>\nend if<br \/>\nsql=&quot;select * from myBook&quot;<br \/>\nrs.open sql,conn,1,1<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\n\u89e3\u51b3:\u5728\u7b2c\u4e8c\u6b21rs.open\u4e4b\u524d\u5148\u5173\u95ed rs.close<br \/>\n\u6216<br \/>\nset rs1=server.createobject<br \/>\nrs1.open sql,conn,1,1<\/p>\n<p><b>2,\u7528SQL\u5173\u952e\u5b57\u505a\u8868\u540d\u6216\u5b57\u6bb5\u540d<br \/>\n<\/b>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\nsql=&quot;select * from user&quot;<br \/>\nrs.open sql,conn,1,1<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\nuser\u4e3asql\u5173\u952e\u5b57<br \/>\n\u89e3\u51b3:\u6539\u4e3a<br \/>\nsql=&quot;select * from [user]&quot;<\/p>\n<p>\n<b>3,\u7528\u9501\u5b9a\u65b9\u5f0f\u53bb\u8fdb\u884cupdate<br \/>\n<\/b>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\nsql=&quot;select * from [user]&quot;<br \/>\nrs.open sql,conn,1,1<br \/>\nrs.addnew<br \/>\n\u6216<br \/>\nrs(&quot;userName&quot;)=&quot;aa&quot;<br \/>\nrs.update<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<br \/>\n\u5f53\u524d\u8bb0\u5f55\u96c6\u7684\u6253\u5f00\u65b9\u5f0f\u4e3a\u53ea\u8bfb<br \/>\n\u89e3\u51b3:<br \/>\n\u6539\u4e3a<br \/>\nrs.open sql,conn,1,3<\/p>\n<p><b>4,\u5728\u67e5\u8be2\u8bed\u53e5\u4e2d\u91c7\u7528\u7684\u5bf9\u6bd4\u5b57\u6bb5\u503c\u4e0e\u5b57\u6bb5\u7c7b\u578b\u4e0d\u7b26<br \/>\n<\/b>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\nsql=&quot;select * from [user] where id=&#8217;&quot; &amp; myID &amp; &quot;&#8217;&quot;<br \/>\nrs.open sql,conn,1,1<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n\u5047\u8bbe\u8868\u4e2d\u8bbe\u8ba1ID\u4e3a\u6570\u5b57\u578b\uff0c\u90a3\u4e48\u4e9b\u65f6\u51fa\u9519\u3002<br \/>\n\u89e3\u51b3:<br \/>\nsql=&quot;select * from [user] where id=&quot; &amp; myID<\/p>\n<p><b>5,\u672a\u68c0\u67e5\u53d8\u91cf\u503c\u800c\u51fa\u9519<\/b><br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\nsql=&quot;select * from [user] where id=&quot; &amp; myID<br \/>\nrs.open sql,conn,1,1<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n\u5047\u8bbemyID\u53d8\u91cf\u6b64\u65f6\u503c\u4e3anull,\u90a3\u4e48sql\u5c06\u6210\u4e3a<br \/>\nsql=&quot;select * from [user] where id=&quot;<br \/>\n\u89e3\u51b3:<br \/>\n\u5728\u524d\u9762\u52a0\u4e0a<br \/>\nif isnull(myID) then \u51fa\u9519\u63d0\u793a<\/p>\n<p><b>6,\u672a\u68c0\u67e5\u53d8\u91cf\u503c\u7c7b\u578b\u800c\u51fa\u9519<br \/>\n<\/b>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\nsql=&quot;select * from [user] where id=&quot; &amp; myID<br \/>\nrs.open sql,conn,1,1<br \/>\n&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;<br \/>\n\u5047\u8bbeid\u4e3a\u6570\u5b57\u578b,myID\u53d8\u91cf\u6b64\u65f6\u503c\u4e0d\u4e3anull,\u4f46\u4e3a\u5b57\u7b26\uff0c\u6bd4\u5982myID\u6b64\u65f6\u4e3a&quot;aa&quot;<br \/>\n\u90a3\u4e48sql\u5c06\u6210\u4e3a<br \/>\nsql=&quot;select * from [user] where id=aa&quot;<br \/>\n\u89e3\u51b3:<br \/>\n\u5728\u524d\u9762\u52a0\u4e0a<br \/>\nif isnumeric(myID)=false then \u51fa\u9519\u63d0\u793a<\/p>\n<p>\u8fd9\u4e5f\u53ef\u4ee5\u6709\u6548\u9632\u6b62 sql injection \u6f0f\u6d1e\u653b\u51fb\u3002<\/p>\n<p><b>7,\u7531\u4e8e\u6570\u636e\u5e93\u6587\u4ef6\u6240\u5728\u76ee\u5f55\u7684NTFS\u6743\u9650\u800c\u5f15\u8d77\u7684&#8217;\u4e0d\u80fd\u66f4\u65b0\u3002\u6570\u636e\u5e93\u6216\u5bf9\u8c61\u4e3a\u53ea\u8bfb&quot;\u9519\u8bef\u3002<br \/>\n<\/b>\u8bf4\u660e:<br \/>\nWIN2K\u7cfb\u7edf\u5ef6\u7eed\u4e86WINNT\u7cfb\u7edf\u7684NTFS\u6743\u9650\u3002<br \/>\n\u5bf9\u4e8e\u7cfb\u7edf\u4e2d\u7684\u6587\u5939\u90fd\u6709\u9ed8\u8ba4\u7684\u5b89\u5168\u8bbe\u7f6e\u3002<br \/>\n\u800c\u901a\u8fc7HTTP\u5bf9WWW\u8bbf\u95ee\u65f6\u7684\u7cfb\u7edf\u9ed8\u8ba4\u7528\u6237\u662f iusr_\u8ba1\u7b97\u673a\u540d \u7528\u6237 ,\u5b83\u5c5e\u4e8eguest\u7ec4\u3002<br \/>\n\u5f53\u901a\u8fc7HTTP\u8bbf\u95ee\u65f6\uff0c\u53ef\u4ee5ASP\u6216JSP\uff0c\u4e5f\u6216\u662fPHP\u6216.NET\u7a0b\u5e8f\u5bf9\u6570\u636e\u8fdb\u884c\u4fee\u6539\u64cd\u4f5c\uff1a<br \/>\n\u6bd4\u5982\uff1a<br \/>\n\u5f53\u6253\u5f00\u67d0\u4e00\u4e2a\u6587\u7ae0\u65f6\uff0c\u7a0b\u5e8f\u8bbe\u5b9a\uff0c\u6587\u7ae0\u7684\u9605\u8bfb\u6b21\u6570=\u539f\u9605\u8bfb\u6b21\u6570+1<br \/>\n\u6267\u884c<br \/>\nconn.execute(&quot;update arts set clicks=clicks+1 where id=n&quot;)<br \/>\n\u8bed\u53e5\u65f6\uff0c\u5982\u679c iusr_\u8ba1\u7b97\u673a\u540d \u7528\u6237\u6ca1\u6709\u5bf9\u6570\u636e\u5e93\u7684\u5199\u6743\u9650\u65f6\uff0c\u5c31\u4f1a\u51fa\u9519.<br \/>\n\u89e3\u51b3\u65b9\u6cd5:<br \/>\n\u627e\u5230\u6570\u636e\u5e93\u6240\u5728\u76ee\u5f55<br \/>\n\u53f3\u952e\u300b\u5c5e\u6027\u300b\u5b89\u5168\u9009\u9879\u5361\u300b\u8bbe\u7f6e iusr_\u8ba1\u7b97\u673a\u540d \u7528\u6237\u7684\u5199\u6743\u9650(\u5f53\u7136\uff0c\u4e5f\u53ef\u4ee5\u662feveryone)<br \/>\n<img decoding=\"async\" onclick=\"javascript:window.open(this.src);\" src=\"http:\/\/ajax.cnrui.cn\/article\/UploadPic\/2006-11\/2006111617258187.gif\" width=\"368\" onload=\"return imgzoom(this,550)\" style=\"cursor: pointer\" alt=\"\" \/>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1.\u8bb0\u5f55\u96c6\u5173\u95ed\u4e4b\u524d\u518d\u6b21\u6253\u5f00: &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212; sql=&quot;select * f&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"topic":[],"class_list":["post-195","post","type-post","status-publish","format-standard","hentry","category-technology"],"_links":{"self":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/195","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/comments?post=195"}],"version-history":[{"count":1,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/195\/revisions"}],"predecessor-version":[{"id":66068,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/posts\/195\/revisions\/66068"}],"wp:attachment":[{"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/media?parent=195"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/categories?post=195"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/tags?post=195"},{"taxonomy":"topic","embeddable":true,"href":"http:\/\/www.xiaoyebailong.com\/index.php\/wp-json\/wp\/v2\/topic?post=195"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}