摘要
Access数据库+ASP+IIS网站架构由于成本低廉和操作简单等优点被广泛采用,这种架构如果程序存在漏洞或安全措施设置不严格,就极易被入侵。最常见的入侵方法就是SQL注入,通过SQL注入可以获取Webshell,进而控制整个服务器。文章对Access数据库SQL注入技术进行研究,分析了可能获取Webshell的途径方法,并提出了相应的防范措施。
Access database + ASP + IIS Web site structure as low-cost and easy operation, many individuals, corporations and governments to adopt the structure. This architecture if the program is flawed and does not set strict security measures, it can easily be compromised. Invasive method is the most common SQL injection, SQL injection can get through Webshell, and thus control the entire server. This article focuses on the Access database through SQL injection attack methods to obtain Webshell research and prevention techniques.
出处
《信息网络安全》
2012年第3期78-80,共3页
Netinfo Security
