开发者

what is the difference between asp injection and sql injection on an asp page

开发者 https://www.devze.com 2023-01-22 08:47 出处:网络
Basically i am looking for th开发者_开发问答e difference between asp injection and sql injection on a asp webpage and what are the different types of asp injection other than sql injectionSimple examp

Basically i am looking for th开发者_开发问答e difference between asp injection and sql injection on a asp webpage and what are the different types of asp injection other than sql injection


Simple example: You allow uploading of files. Someone uploads an .asp-file, and voila, they can execute any asp code they want.

Another example: You use the Server.Execute()-method to have some filename and/or asp-code stored in your database. Instead of a filename, someone writes some asp code, and voila, they can execute any asp code they want.


I think ASP injection can include non-relational database code such as JavaScript.

SQL injection adds SQL to do harm exclusively to your relational database.

Wikipedia might be a good starting place:

http://en.wikipedia.org/wiki/Code_injection

I would suggest that you not accept raw input from web pages without encoding, validating, and binding them on the server side. It's your best chance to guard against unwanted inputs. How will you know an input is potentially harmful until you look at it?

You should always validate on the server side, even if you do client-side validation.

I'd say that it's unlikely that you'll gain a complete understanding or solution here simply by repeating your question and asking for more links. I'd suggest that you demonstrate some initiative and energy by doing something besides passive questioning.

0

精彩评论

暂无评论...
验证码 换一张
取 消