[转载]面对SQL injection——您的Web程序安全么?
原始连接:[url]http://www.spidynamics.com/[/url]信息来源:邪恶八进制信息安全团队([url]www.eviloctal.com[/url])
The objective of this paper is to focus the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general. Readers should have a basic understanding of how databases work and how SQL is used to access them. 呵呵 同意楼上的说法 我在得到了webshell后修复网站程序漏洞的时候就看到他们的程序往往就几个参数没过滤 最后就被inject了 可悲啊 一个懒带来了多少麻烦!
页:
[1]