網頁設計漏洞

今天幫忙同學看電腦... 要幫他灌驅動程式時候 無意中連到一個網站(某家做主機板的公司) 身為一個 Web Developer 的我...手賤嘛..給他看一下原始檔... 暈倒.... 竟然犯一個大禁忌.. //DRIVER=SQL Server;APP=Microsoft Open Database Connectivity;SERVER=10.203.2.91;Description=SQL;UID=*******;PWD=*******;database=webinstall; 還好..IP是 PRIVATEIP 不然...唉.. //SELECT * FROM DLCenter where WinXP=1 AND VendorDeviceID='0x00e110de' AND SubSystemID = '0x00000000'; 簡直就是叫人來 SQL INJECTION 麻

This entry was written by TeYoU and posted on 星期三, 7月 11, 2007 and filed under , Bookmark the permalink . Follow any comments here with the RSS feed for this post . Post a comment ( in a new window )  

Make A Comment
張貼留言 ()
top
Get the Flash Player to see this player.
© 在一個陌生的世界裡漫遊 - Web 2.0 Blogger Template Dark by Jack Book and Dezinerfolio