????1. ???????????? ???web server????sql??????????????sql????????????????????????????????sql?????????????delete all??drop database??????????????????????????????!??????л???????internet??????????????????????У??ж???????????????????web????????????????????

????2. ??????????????????web???????IE???server???DB?????y???????????в??????????????script??????????????;app server????????????????????db server??????????Щ????????????????????ο????script????????Щcase???????????????????????????????????????????????script??????????????form?????????????????????????

????3. ??????????????????????ɡ?

????WEB???????????BUG???

????1??SQL INJETION

????2??????????????????????

????3??COOKIES?????

????4?????????????

??????SQL INJETION????????

????????

???????????????????????news.asp???ò?????????????????????

????http://www.xxx.com/news.asp?id=1????????????

????????????

????rs.open "select * from news where id=" &

????cstr(request("id"))??conn??1??1

???????????в????????????URL??????????????????????

????select * from news where id=1

????????SQL????????????????????????news???id?1???????????

??????????SQL SERVER??select???????????????е???????????URL???

????http://www.xxx.com/news.asp?id=1and 1=(select count(*) from admin

????where left(name??1)=a)

????SQL???????

????select * news where id=1 and 1=(select count(*)

????from admin where left(name??1)=a)

?????????admin?????????????????name??????????????a????news????id?1???????news????id?1?????????????????????????1&P????P??棬??????棬????????????????檔?????????????????????id?????2????????????????????????????ú??????????????????