我有我的新網站由私營公司管理。這是什麼類型的數據庫,可能是sql注入?
今天早上,我不小心把在URL(「)雙引號,成爲如下錯誤:
網址:http://domain.com/sys.aspx?page=5&search=1"
Server Error in '/' Application.
Syntax error near '"' in the full-text search condition '1"'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Syntax error near '"' in the full-text search condition '1"'.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[SqlException (0x80131904): Syntax error near '"' in the full-text search condition '1"'.]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +212
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) +245
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2811
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +58
System.Data.SqlClient.SqlDataReader.get_MetaData() +112
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +6281668
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +6282737
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +424
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +28
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +211
System.Data.SqlClient.SqlCommand.ExecuteReader() +117
Pazar3.list.Page_Load(Object sender, EventArgs e) in E:\mudi\ker_ss\Solution\trunk\sys.aspx.cs:119
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +25
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +42
System.Web.UI.Control.OnLoad(EventArgs e) +132
System.Web.UI.Control.LoadRecursive() +66
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +2428
Version Information: Microsoft .NET Framework Version:2.0.50727.4984; ASP.NET Version:2.0.50727.4971
我的問題是什麼樣的數據庫是這樣的,可能是SQL INJECTION ?
什麼樣的數據庫並不重要。看起來像基於正在使用的對象的SQL Server。 * *重要的是,從你如何發現問題的描述來看,這個*是一個SQL注入漏洞。它應該立即修復。 – David
我想知道什麼樣的數據庫,我只是打電話給他們,他們告訴我'我們使用mysql'。那是對的嗎? – user3776781