Visit Beijing Broadband Small Lingtong Page, the specific address is: http://www.bbn.com.cn/xlt2.htm
In the user login, fill in the relevant information Xiao Lingxida: Normally, you should pay for your own small Lingtong number, so you send a text message, charge the cost of 0.08 yuan, but here you can fill in a number, such a fee can be transferred Go to someone else's account. Of course, you can also fill in a number of non-existent numbers, there is only Beijing communication. Password: Here is the key, if you want to log in correctly, the password should be a 'or' a '=' a
If you have learned a friend of the SQL statement, it is very well understood that the statement to verify the user's login is written like this.
SQL = "SELECT * from userTable where username = '" & username "" So, after we enter the username and password above, the SQL statement will change
SQL = "SELECT * from userTable where username = '81911234' and password = 'a' or 'a' = 'a'" So, regardless of the user and password, because there is a logical or 'a' = ' A 'is always an established, so this statement is definitely the result is returned, so the system will think that you have already logged in.
This is the SQL Injection we often say. This way, after the success is successful, return to the current page, you can send a small SMS to a friend by self-written text message.
For reference only, this issue has notified Beijing broadband network administrator, which may have been repaired when you test.
