1st,
When you run into a .NET website,
it will usually let you register a user.
The first choice is to add the image file header GIF89a, using the flaw in the upload check to bypass it.
2nd,
The second kind is injection: append a single quote “'” to ?id=xx.
Under ordinary circumstances, a SCAN with NBSI D will find the BUG page.
Moreover, domestic .NET sites mostly use the MSSQL database.
Injection can also be looked for starting from login; this method currently has a success rate of 75%.
3rd,
However, when you meet a search function and no error message is returned, you are obviously stuck here.
Everybody can have a look at the articles online about search injection. With luck, the database and the WEB are in the same place.
Write the backup LOG statement directly in the search; if the input box limits the characters, you can make a POST form locally.
You can also use WsockExpert to capture the packet to search.aspx? and append the injection statement after the parameter value.
Obtaining the path is easier, so long as web.config is configured as follows:
<!-- Web.Config configuration file -->
<configuration>
  <system.web>
    <!-- if this is Off, it fails -->
    <customErrors mode="On"/>
  </system.web>
</configuration>
Then you only need to add ~ before any filename.
For example, changing allyesno.aspx to ~allyesno.aspx obtains the WEB absolute path.
4th,
With good luck, you discover the backend login:
For instance: http://allyesno.cnblogs.com/admin/login.aspx
If entering a wrong password returns to http://allyesno.cnblogs.com/admin/error.aspx,
then entering http://allyesno.cnblogs.com/admin%5Cindex.aspx may bypass the verification.
5th,
Backend login bypass methods:
'or '' ='
'or '' ='
Or
'or'='or'
'or'='or'
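
The request patterns in items 2 to 5 are visible to whoever reviews the site's request logs. The following detector is an added example, not part of the original notes; the function name, the indicator labels, the form field names and the sample requests are constructed, and it assumes the application records decoded POST fields.

```python
import re
from urllib.parse import parse_qsl, unquote

# A quote, OR, then another quote: covers 'or''=' and 'or'='or' from item 5.
TAUTOLOGY = re.compile(r"'\s*or\s*'", re.IGNORECASE)


def flag_request(raw_path, raw_query="", form=None):
    """Return sorted indicator labels for one request.

    raw_path and raw_query are still URL-encoded, as a web server logs them;
    form is a dict of decoded POST fields (assumes the application logs them).
    """
    hits = set()
    path = unquote(raw_path)
    # Item 4: /admin%5Cindex.aspx decodes to a backslash where a slash belongs.
    if "\\" in path:
        hits.add("backslash-in-path")
    # Item 3: a file name prefixed with ~ (for example ~allyesno.aspx).
    filename = path.replace("\\", "/").rsplit("/", 1)[-1]
    if filename.startswith("~"):
        hits.add("tilde-filename")
    # Items 2 and 5: quotes in query-string or form values.
    values = [v for _, v in parse_qsl(raw_query, keep_blank_values=True)]
    values += list((form or {}).values())
    for value in values:
        if TAUTOLOGY.search(value):
            hits.add("or-tautology")
        elif "'" in value:
            hits.add("quote-in-parameter")  # low confidence: names like o'brien
    return sorted(hits)


# Constructed sample requests: (path, query string, POST fields).
SAMPLES = [
    ("/news/show.aspx", "id=12", None),
    ("/news/show.aspx", "id=12%27", None),
    ("/~allyesno.aspx", "", None),
    ("/admin%5Cindex.aspx", "", None),
    ("/admin/login.aspx", "", {"user": "'or''='", "pass": "'or''='"}),
    ("/admin/login.aspx", "", {"user": "'or'='or'", "pass": "'or'='or'"}),
]

if __name__ == "__main__":
    for path, query, form in SAMPLES:
        print(path, query, flag_request(path, query, form))
```

A quote-in-parameter hit on its own is weak evidence; it carries more weight when the same client also produces the other labels.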