7
4)
then we can inject SQL syntax (in this case OR) into the SQL
2.3 ASP
ASP (Application Service Provider) is a perception or business to provide services
through a network. The provider will put some applications
in the website.
Users
will be
able
to
enter
the
application
through
web browser.
Users
do
not
need
to
install
the
software or applications, simply web browser is needed.
ASP
concept
is
related to
centralized
processing
or
centralized
computing
because
the
software
is
installed
in
one
computer
and
accessed
through
many
computers.
Some
forms of ASP business are:
•
Specialist or functional ASP
Deliver single application
•
Vertical market ASP
Deliver solution packages
•
Enterprise ASP
Deliver broad spectrum solutions
•
Local ASPDeliver small business services in a limited region.
ASP is a website programming which in most
storing data used backend SQL Server
database. The result any time you generate a SQL statement dynamically in an ASP page
using
data
retrieved
from a
query
string,
form content,
or even
a
cookie,
you
expose
yourself
to
a
SQL
injection
attack.
To
demonstrate
this,
have
a
look
at
the
following
 |