搜索

[17871] 2021-01-11_如何防范SQL注入攻击?

文档创建者:s7ckTeam
浏览次数:2
最后更新:2025-01-18
2021-01-11_如何防范SQL注入攻击? S Q L   H a c k e r   2 0 2 1 - 0 1 - 1 1 S Q L S q l S q l S q l j s S Q L a s p S Q L s e l e c t   *   f r o m   a d m i n   w h e r e   u s e r n a m e = ' " & u s e r & " '   a n d   p a s s w o r d = ' " & p w d & " ' "   1 '   o r   ' 1 ' = ' 1 s e l e c t   *   f r o m   a d m i n   w h e r e   u s e r n a m e = ' 1   o r   ' 1 ' = ' 1 '   a n d   p a s s w o r d = ' " & p w d & " ' " n e t   u s e r   x p _ c m d s h e l l   / a d d   e x e c   m a s t e r . d b o . x p _ c m d s h e l l   n e t   l o c a l g r o u p   a d m i n i s t r a t o r s   s e l e c t   c o u n t   A s c   c h a r   m i d   '   :   "   i n s e r t   d e l e t e   f r o m   d r o p   t a b l e   u p d a t e   t r u n c a t e   f r o m   % [ C O D E   S T A R T ]       < s c r i p t   l a n g u a g e = " j a v a s c r i p t " > < ! - - v a r   u r l   =   l o c a t i o n . s e a r c h ; v a r   r e = / ^ ? ( . * ) ( s e l e c t % 2 0 | i n s e r t % 2 0 | d e l e t e % 2 0 f r o m % 2 0 | c o u n t ( | d r o p % 2 0 t a b l e     | u p d a t e % 2 0 t r u n c a t e % 2 0 | a s c ( | m i d ( | c h a r ( | x p _ c m d s h e l l | e x e c % 2 0 m a s t e r     | n e t % 2 0 l o c a l g r o u p % 2 0 a d m i n i s t r a t o r s | " | : | n e t % 2 0 u s e r | ' | % 2 0 o r % 2 0 ) ( . * ) $ / g i ; v a r   e   =   r e . t e s t ( u r l ) ; i f ( e )   { a l e r t ( " " ) ; l o c a t i o n . h r e f = " e r r o r . a s p " ; } / / - - > < s c r i p t >   [ C O D E   E N D ] [ C O D E   S T A R T ] % O n   E r r o r   R e s u m e   N e x t D i m   s t r T e m p I f   L C a s e ( R e q u e s t . S e r v e r V a r i a b l e s ( " H T T P S " ) )   =   " o f f "   T h e n s t r T e m p   =   " h t t p : / / " E l s e s t r T e m p   =   " h t t p s : / / " E n d   I f s t r T e m p   =   s t r T e m p   &   R e q u e s t . S e r v e r V a r i a b l e s ( " S E R V E R _ N A M E " ) I f   R e q u e s t . S e r v e r V a r i a b l e s ( " S E R V E R _ P O R T " )   < >   8 0   T h e n   s t r T e m p   =   s t r T e m p   &   " : "   &   R e q u e s t . S e r v e r V a r i a b l e s ( " S E R V E R _ P O R T " ) s t r T e m p   =   s t r T e m p   &   R e q u e s t . S e r v e r V a r i a b l e s ( " U R L " ) I f   T r i m ( R e q u e s t . Q u e r y S t r i n g )   < >   " "   T h e n   s t r T e m p   =   s t r T e m p   &   " ? "   &   T r i m ( R e q u e s t . Q u e r y S t r i n g ) s t r T e m p   =   L C a s e ( s t r T e m p ) I f   I n s t r ( s t r T e m p , " s e l e c t % 2 0 " )   o r   I n s t r ( s t r T e m p , " i n s e r t % 2 0 " )   o r   I n s t r ( s t r T e m p , " d e l e t e % 2 0 f r o m " )   o r   I n s t r ( s t r T e m p , " c o u n t ( " )   o r   I n s t r ( s t r T e m p , " d r o p % 2 0 t a b l e " )   o r   I n s t r ( s t r T e m p , " u p d a t e % 2 0 "
I f   I n s t r ( s t r T e m p , " s e l e c t % 2 0 " )   o r   I n s t r ( s t r T e m p , " i n s e r t % 2 0 " )   o r   I n s t r ( s t r T e m p , " d e l e t e % 2 0 f r o m " )   o r   I n s t r ( s t r T e m p , " c o u n t ( " )   o r   I n s t r ( s t r T e m p , " d r o p % 2 0 t a b l e " )   o r   I n s t r ( s t r T e m p , " u p d a t e % 2 0 " R e s p o n s e . W r i t e   " s c r i p t   l a n g u a g e = ' j a v a s c r i p t ' " R e s p o n s e . W r i t e   " a l e r t ( ' ' ) ; " R e s p o n s e . W r i t e   " l o c a t i o n . h r e f = ' e r r o r . a s p ' ; " R e s p o n s e . W r i t e   " s c r i p t " E n d   I f % [ C O D E   E N D ]
回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理