彻底解决ASP注入漏洞
本人最近研究彻底解决asp注入漏洞的方法!希望大家多提建议
原理,就是象java一样使用preparestatement.
下面例子连接的是sql server数据库
代码如下:
PrepareSql.asp
<%
' 定义数据库操作常量
Const adStateClosed = 0
Const adOpenForwardOnly = 0, adOpenKeyset = 1, adOpenDynamic = 2, adOpenStatic = 3
Const adLockReadOnly = 1, adLockPessimistic = 2, adLockOptimistic = 3, adLockBatchOptimistic = 4
Const adCmdText = 1, adCmdTable = 2, adCmdStoredProc = 4, adExecuteNoRecords = 128
Const adBigInt = 20, adBoolean = 11, adChar = 129, adDate = 7, adInteger = 3, adSmallInt = 2, adTinyInt = 16, adVarChar = 200
const adParamInput = 1, adParamOutput = 2, adParamInputOutput = 3, adParamReturnValue = 4
%>
<%Class PrepareSQL
Private cmdPrep
Private m_String
Private m_Sql
Private m_conn
public function setconn(conn)
set m_conn=conn
end function
Public Function prepare(sql)
set cmdPrep=nothing
SET cmdPrep=Server.CreateObject("ADODB.Command")
set cmdPrep.ActiveConnection=m_conn
cmdPrep.CommandText =sql
End Function
Public Function setInt(theValue )
cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adInteger, adParamInput,, theValue)
End Function
Public Function setDate(theValue )
cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, 100, theValue)
End Function
Public Function setBoolean(theValue )
cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adBoolean, adParamInput, 1, theValue)
End Function
Public Function setString(theValue )
if(len(theValue)=0 )then
cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, 1, theValue)
else
cmdPrep.Parameters.Append cmdPrep.CreateParameter("", adVarChar, adParamInput, lenb(theValue), theValue)
end if
End Function
Public Function execute()
set execute=cmdPrep.Execute
End Function
End Class%>
test.asp
<!--#include file="../include/datastore.asp"-->
<!--#include file="../include/PrepareSql.asp"-->
<%
Dim ps
Dim cn
set cn=server.CreateObject("adodb.connection")
Dim strcn
strCn="driver={SQL server};server=127.0.0.1;uid=sa;pwd=test;database=PUBS"
cn.Open strCn
set ps=new PrepareSql
ps.setconn cn
ps.prepare "select * from user where id =?"
ps.setint 1
dim rs
set rs=ps.execute
%>