防止数据库注入的一点小总结
1.数据库用户不能用sa 新建一个用户单独操作使用的数据库
2取消 Sysobjects columns 表的select权限
3网站代码过滤
4POST GET url过滤
Code/// <summary>
/// 过滤xss攻击脚本
/// </summary>
/// <param name="input">传入字符串</param>
/// <returns>过滤后的字符串</returns>
public static string FilterXSS(string html)
{
if (string.IsNullOrEmpty(html)) return string.Empty;
// CR(0a) ,LF(0b) ,TAB(9) 除外,过滤掉所有的不打印出来字符.
// 目的防止这样形式的入侵<java\0script>
// 注意:\n, \r, \t 可能需要单独处理,因为可能会要用到
string ret = System.Text.RegularExpressions.Regex.Replace(html, "([\x00-\x08][\x0b-\x0c][\x0e-\x20])", string.Empty);
//替换所有可能的进制构建的恶意代码
//<IMG SRC=@avascript:a&_#X6Cert('XSS')>
string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()~`;:?+/={}[]-_|'\"\\";
for (int i = 0; i < chars.Length; i++)
{
ret = System.Text.RegularExpressions.Regex.Replace(ret, string.Concat("(&#[x|X]0{0,}", Convert.ToString((int)chars[i], 16).ToLower(), ";?)"), chars[i].ToString(), System.Text.RegularExpressions.RegexOptions.IgnoreCase);
}
//过滤\t, \n, \r构建的恶意代码
string[] keywords = {"javascript", "vbscript",
"expression", "applet", "meta", "xml", "blink", "link", "style",
"script", "embed", "object", "iframe", "frame", "frameset", "ilayer",
"layer", "bgsound", "title", "base","onabort", "onactivate", "onafterprint", "onafterupdate",
"onbeforeactivate", "onbeforecopy", "onbeforecut",
"onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste",
"onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur",
"onbounce", "oncellchange", "onchange", "onclick", "oncontextmenu",
"oncontrolselect", "oncopy", "oncut", "ondataavailable",
"ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate",
"ondrag", "ondragend", "ondragenter", "ondragleave", "ondragover",
"ondragstart", "ondrop", "onerror", "onerrorupdate", "onfilterchange",
"onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp",
"onkeydown", "onkeypress", "onkeyup", "onlayoutcomplete", "onload",
"onlosecapture", "onmousedown", "onmouseenter", "onmouseleave",
"onmousemove", "onmouseout", "onmouseover", "onmouseup",
"onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste",
"onpropertychange", "onreadystatechange", "onreset", "onresize",
"onresizeend", "onresizestart", "onrowenter", "onrowexit",
"onrowsdelete", "onrowsinserted", "onscroll", "onselect",
"onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit",
"onunload"};
bool found = true;
while (found)
{
string retBefore = ret;
for (int i = 0; i < keywords.Length; i++)
{
string pattern = "/";
for (int j = 0; j < keywords[i].Length; j++)
{
if (j > 0)
pattern = string.Concat(pattern, '(', "(&#[x|X]0{0,8}([9][a][b]);?)?", "|(�{0,8}([9][10][13]);?)?", ")?");
pattern = string.Concat(pattern, keywords[i][j]);
}
string replacement = string.Concat(keywords
[i].Substring(0, 2), "<x>", keywords[i].Substring(2));
ret = System.Text.RegularExpressions.Regex.Replace(ret, pattern, replacement, System.Text.RegularExpressions.RegexOptions.IgnoreCase);
if (ret == retBefore)
found = false;
}
}
}
Code// JScript 文件
var str= location.search;
var gs="select|update|insert|drop|from|truncate|xp_|exec|xp_cmdshell|delete|administrators|xp_cmdshell|asc|mid|exec|count|'|>|<|--";
var list=new Array()
var flag=true;
list=gs.split('|');
for(var i=0;i<list.length;i++)
{
var s=list[i];
if(str.indexOf(s)>-1)
{
alert("地址中含有非法字符~"+s);
location.href="/error.aspx";
break;
}
}
Global.asax
Codeprotected void Application_BeginRequest(Object sender, EventArgs e)
{
//遍历Post参数,隐藏域除外
foreach (string i in this.Request.Form)
{
if (i == "__VIEWSTATE") continue;
this.goErr(this.Request.Form[i].ToString());
}
//遍历Get参数。
foreach (string i in this.Request.QueryString)
{
this.goErr(this.Request.QueryString[i].ToString());
}
}
private void goErr(string tm)
{
if (SqlFilter2(tm))
this.Response.Redirect("~/index.aspx");
}
public static bool SqlFilter2(string InText)
{
string word = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join";
if (InText == null)
return false;
foreach (string i in word.Split('|'))
{
if ((InText.ToLower().IndexOf(i + " ") > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
{
return true;
}
}
return false;
}
