The intention of the article is the gas magic! The vulnerability he published is one that can be exploited:
The code is below:

<%
Dim Name, title
' Read both form fields and strip leading and trailing spaces
name = Trim(Request.Form("Name"))
password = Trim(Request.Form("Password"))
' Refuse the submission when either field is empty after trimming
If name = "" Or password = "" Then Response.Redirect "error.asp?error=name&name=null"
mydsn = "DSN=test;UID=test;PWD=test"
Set cn = Server.CreateObject("ADODB.Connection")
cn.Open mydsn
' The two values are concatenated into the SQL statement as they are
sql = "INSERT INTO Test (Name, Title) VALUES ('" & name & "','" & password & "')"
cn.Execute(sql)
cn.Close
%>

The Trim function is used to remove the leading and trailing spaces, and in general this program runs quite normally. Later, however, it was found that someone could use spaces, meaning that the user's Name consisted entirely of spaces. I tried to use spaces, but I could not get through (that is, the program catches it): the leading and trailing spaces are removed by the Trim function, and even if there is a space in the middle, a function can be used to remove the middle space. Because the user information in the SQL database is used, he suspects that the user used some other thing that the system cannot see,
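Added example, not code from the original article: one way to reject a Name that displays as blank even though it is not the empty string after Trim, for instance because it consists of tabs or non-breaking spaces, which Trim leaves in place. The helper names IsInvisibleCode and IsVisiblyBlank are hypothetical, and the code point list is a constructed, non-exhaustive selection.

```vbscript
<%
' Added example. IsInvisibleCode and IsVisiblyBlank are hypothetical helpers.

' True when the UTF-16 code unit c displays as nothing (whitespace,
' control or format character). Not exhaustive; characters outside
' the Basic Multilingual Plane are not covered.
Function IsInvisibleCode(c)
    IsInvisibleCode = (c <= 32) _
        Or (c >= 127 And c <= 160) _
        Or (c = &H00AD) Or (c = &H1680) Or (c = &H180E) _
        Or (c >= &H2000 And c <= &H200F) _
        Or (c >= &H2028 And c <= &H202F) _
        Or (c >= &H205F And c <= &H206F) _
        Or (c = &H3000) Or (c = 65279)   ' 65279 = U+FEFF; &HFEFF would be negative
End Function

' True when s is empty or contains only invisible characters.
Function IsVisiblyBlank(s)
    Dim i, c
    IsVisiblyBlank = True
    For i = 1 To Len(s)
        c = AscW(Mid(s, i, 1))
        If c < 0 Then c = c + 65536      ' AscW is signed for U+8000 and above
        If Not IsInvisibleCode(c) Then
            IsVisiblyBlank = False
            Exit Function
        End If
    Next
End Function

Dim name, password
name = Trim(Request.Form("Name"))
password = Trim(Request.Form("Password"))

' Replaces the plain = "" comparison: a value made only of tabs,
' non-breaking spaces, zero-width characters and the like is refused.
If IsVisiblyBlank(name) Or IsVisiblyBlank(password) Then
    Response.Redirect "error.asp?error=name&name=null"
End If
%>
```

The check refuses the value instead of silently stripping characters, so the name stored in the database is exactly the one the user typed and saw.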