sql入侵方法收集
在Global.asax文件中,如果不懂Global.asax文件,可以www.baidu.com一下,好多的,这个Global.asax用熟练了可以解决很多问题呵。 下面的方法过滤比较严格,如果用户在其它的输入包含敏感数据,都会被拒绝。
C# code
protected void Application_BeginRequest(Object sender, EventArgs e)
{
//SQL防注入
string Sql_1 = "exec ¦insert+ ¦select+ ¦delete ¦update ¦count ¦chr ¦mid ¦master+ ¦truncate ¦char ¦declare ¦drop+ ¦drop+table ¦creat+ ¦creat+table";
string Sql_2 = "exec+ ¦insert+ ¦delete+ ¦update+ ¦count( ¦count+ ¦chr+ ¦+mid( ¦+mid+ ¦+master+ ¦truncate+ ¦char+ ¦+char( ¦declare+ ¦drop+ ¦creat+ ¦drop+table ¦creat+table";
string[] sql_c = Sql_1.Split(' ¦');
string[] sql_c1 = Sql_2.Split(' ¦');
if(Request.QueryString != null)
{
foreach (string sl in sql_c)
{
if(Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >=0)
{
Response.Write("警告!你的IP已经被记录!");//吓唬人的
Response.Write(sl);
Response.Write(Request.QueryString.ToString());
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.F
//orms.MessageBoxButtons.OK,System.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
break;
}
}
}
if(Request.Form.Count > 0)
{
string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
if(Request.ServerVariables["HTTP_REFERER"] != null)
{
string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
string s3 = "";
if(s1.Length > (s2.Length -7))
{
s3 = s2.Substring(7);
}
else
{
s3 = s2.Substring(7,s1.Length);
}
if(s3 != s1)
{
Response.Write("你的IP已被记录!警告!");//吓人的
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.Forms.MessageBoxButtons.OK,Sy
//stem.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
}
}
}
}
C# code
protected void Application_BeginRequest(Object sender, EventArgs e)
{
//SQL防注入
string Sql_1 = "exec ¦insert+ ¦select+ ¦delete ¦update ¦count ¦chr ¦mid ¦master+ ¦truncate ¦char ¦declare ¦drop+ ¦drop+table ¦creat+ ¦creat+table";
string Sql_2 = "exec+ ¦insert+ ¦delete+ ¦update+ ¦count( ¦count+ ¦chr+ ¦+mid( ¦+mid+ ¦+master+ ¦truncate+ ¦char+ ¦+char( ¦declare+ ¦drop+ ¦creat+ ¦drop+table ¦creat+table";
string[] sql_c = Sql_1.Split(' ¦');
string[] sql_c1 = Sql_2.Split(' ¦');
if(Request.QueryString != null)
{
foreach (string sl in sql_c)
{
if(Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >=0)
{
Response.Write("警告!你的IP已经被记录!");//吓唬人的
Response.Write(sl);
Response.Write(Request.QueryString.ToString());
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.F
//orms.MessageBoxButtons.OK,System.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
break;
}
}
}
if(Request.Form.Count > 0)
{
string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
if(Request.ServerVariables["HTTP_REFERER"] != null)
{
string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
string s3 = "";
if(s1.Length > (s2.Length -7))
{
s3 = s2.Substring(7);
}
else
{
s3 = s2.Substring(7,s1.Length);
}
if(s3 != s1)
{
Response.Write("你的IP已被记录!警告!");//吓人的
//System.Windows.Forms.MessageBox.Show("禁止提交外部数据","1",System.Windows.Forms.MessageBoxButtons.OK,Sy
//stem.Windows.Forms.MessageBoxIcon.Error,System.Windows.Forms.MessageBoxDefaultButton.Button1,System.Windows.Forms.MessageBoxOptions.DefaultDesktopOnly);
//Response.Redirect("http://www.163.com");
Response.End();
}
}
}
}