-
""Into. ""
Note that this if...then statement is not followed by end if, so be careful not to add a line break after then; if it wraps, it will be syntactically wrong.
There is one more thing to note:
on error resume next
Into. on error resume next, so that you can observe syntax errors in asp.
-
Oops, you must have changed something. Instead of looking for that mistake here, it's better to get another one from the Internet; it's all over the place anyway. Efficiency, wouldn't you say?
-
1. Check the server or upload component for vulnerabilities?
2. If it is a static page generation, please check whether there is a bug in the login verification mechanism of the website management platform (in layman's terms: **background), such as bypassing the verification.
3. Set the template (.html or .htm) files to read-only.
The template folder is set to read-only, and there is no write or modification permission. [Limited to static page generation**].
-
What does the vulnerability have to do with 360? Check ****, get a scanning tool and see what it can find, analyze the pages according to the scan results, and find the vulnerabilities to patch.
-
The so-called SQL injection is inserting SQL commands into a web form submission, or into the query string of a domain name or page request, and finally deceiving the server into executing malicious SQL commands. Specifically, it is the ability to use existing applications to inject (malicious) SQL commands into the backend database engine for execution; it can obtain a database with security vulnerabilities by entering (malicious) SQL statements into web forms, rather than executing SQL statements according to the designer's intentions. For example, many film and television ** previously leaked VIP member passwords, most of which were exposed by submitting query characters through web forms, and this kind of form is particularly vulnerable to SQL injection attacks.
To summarize the protection, there are mainly the following points:
1. Never trust the user's input. Validate the user's input, either by regular expressions or by limiting the length; convert single quotes and double "-", etc.
2. Never use dynamically assembled SQL statements; you can use parameterized SQL statements or directly use stored procedures to query and access data.
3. Never use a database connection with administrator privileges; use a separate database connection with limited privileges for each app.
4. Do not store confidential information directly; encrypt or hash passwords and sensitive information.
5. The app's exception messages should give as few hints as possible, and it's best to wrap the original error message with a custom error message.
Injection is generally detected with auxiliary software or a ** platform. For software, the SQL injection detection tool JSKY is generally used, and for ** platforms there is the detection tool of the Yisi ** security platform, MDCow Scan, et al. MDCosoft-IPS can be used to effectively defend against SQL injection, XSS attacks, etc.
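
The following Python example is added here and is not from the original answer. It illustrates points 1, 2, 4 and 5 of the list above using sqlite3; the `members` table, the sample accounts, the username rule and all function names are constructed assumptions.

```python
import hashlib, hmac, os, re, sqlite3

# Assumption: usernames are 1-32 chars from this set (point 1: validate input).
USERNAME_RE = re.compile(r"[A-Za-z0-9_.'-]{1,32}")

def hash_password(password, salt):
    # Point 4: store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    for name, pw in [("alice", "correct horse"), ("o'brien", "battery staple")]:  # constructed
        salt = os.urandom(16)
        conn.execute("INSERT INTO members VALUES (?, ?, ?)",
                     (name, salt, hash_password(pw, salt)))
    return conn

def find_member_dynamic(conn, name):
    # The pattern point 2 warns against: input is pasted into the SQL text,
    # so a quote in the input changes the structure of the statement.
    return conn.execute("SELECT name FROM members WHERE name = '" + name + "'").fetchone()

def dynamic_breaks_on_quote(conn):
    # Even a legitimate name containing a quote corrupts the assembled statement.
    try:
        find_member_dynamic(conn, "o'brien")
        return False
    except sqlite3.OperationalError:
        return True

def check_login(conn, name, password):
    if not USERNAME_RE.fullmatch(name):
        return "invalid input"
    try:
        # Point 2: the ? placeholder sends the value separately from the SQL text.
        row = conn.execute("SELECT salt, pw_hash FROM members WHERE name = ?",
                           (name,)).fetchone()
    except sqlite3.Error:
        # Point 5: keep database details out of the response.
        return "login failed"
    if row and hmac.compare_digest(row[1], hash_password(password, row[0])):
        return "ok"
    return "login failed"

if __name__ == "__main__":
    db = make_db()
    print(dynamic_breaks_on_quote(db))
    print(check_login(db, "o'brien", "battery staple"))
```

Point 3 (a limited-privilege database account) is a server configuration matter and is not shown, since an in-memory sqlite3 database has no user accounts.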