| Access数据库SQL注入攻防技术研究 |
| |
| 引用本文: | 陈小兵,罗晖.Access数据库SQL注入攻防技术研究[J].信息网络安全,2012(3):78-80. |
| |
| 作者姓名: | 陈小兵 罗晖 |
| |
| 作者单位: | 北京市公安局网安总队,北京,100740 |
| |
| 摘 要: | Access数据库+ASP+IIS网站架构由于成本低廉和操作简单等优点被广泛采用,这种架构如果程序存在漏洞或安全措施设置不严格,就极易被入侵。最常见的入侵方法就是SQL注入,通过SQL注入可以获取Webshell,进而控制整个服务器。文章对Access数据库SQL注入技术进行研究,分析了可能获取Webshell的途径方法,并提出了相应的防范措施。
|
| 关 键 词: | Access数据库 SQL注入 Webshell 攻防 |
Access Database SQL Injection Attack and Defense Technology |
| |
| CHEN Xiao-bing
,
LUO Hui.Access Database SQL Injection Attack and Defense Technology[J].Netinfo Security,2012(3):78-80. |
| |
| Authors: | CHEN Xiao-bing LUO Hui |
| |
| Affiliation: | ( Beijing Public Security Bureau Network Security Corps, Beijing 100740, China ) |
| |
| Abstract: | Access database + ASP + IIS Web site structure as low-cost and easy operation, many individuals, corporations and governments to adopt the structure. This architecture if the program is flawed and does not set strict security measures, it can easily be compromised. Invasive method is the most common SQL injection, SQL injection can get through Webshell, and thus control the entire server. This article focuses on the Access database through SQL injection attack methods to obtain Webshell research and prevention techniques. |
| |
| Keywords: | Access database SQL injection webshell offensive |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
