SQL Injection Attack
Summary:
1. Incorrect code:
   string id = Request.Params["id"];
   string sql = "insert into [UserTable]([UserID]) values ('" + id + "')";
   executeSql(sql);
2. When the following URL is run, the data in UserTable is wiped:
   http://localhost:14288/Default.aspx?id=wert') delete from [UserTable] --
3. Do a simple replacement: string id = Request.Params["
posted @ 2013-01-19 22:13
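The insert from step 1 rewritten with a parameterized SqlCommand, so the id value is bound as data and never concatenated into the statement text. This is an added example, not code from the original post; the class and method names, the nvarchar(50) column type and the connection string are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserTableInsert
{
    // Fixed statement text: the request value never becomes part of the SQL.
    private const string InsertSql =
        "insert into [UserTable]([UserID]) values (@id)";

    // Builds the command; the id travels as a typed parameter value.
    public static SqlCommand BuildInsert(string id)
    {
        if (id == null) throw new ArgumentNullException("id");
        var cmd = new SqlCommand(InsertSql);
        // Assumption: [UserID] is nvarchar(50); match the real column definition.
        cmd.Parameters.Add("@id", SqlDbType.NVarChar, 50).Value = id;
        return cmd;
    }

    // Executes the insert; connectionString is supplied by the caller (assumed).
    public static int InsertUser(string connectionString, string id)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(id))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    public static void Main()
    {
        // The id value from the request shown in step 2 of the post.
        string id = "wert') delete from [UserTable] --";
        using (var cmd = BuildInsert(id))
        {
            // The statement text stays fixed regardless of the input.
            Console.WriteLine(cmd.CommandText);
            // The whole input, quote and comment marker included, is held as a value.
            Console.WriteLine(cmd.Parameters["@id"].Value);
        }
    }
}
```

Main only builds the command and prints it, so it runs without a database; InsertUser needs a reachable SQL Server instance with the UserTable table.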