д¸øÄÇЩASP.NET³ÌÐòÔ±£ºÍøÕ¾ÖеݲȫÎÊÌâ

ÔÚÍøÂç¾­³£¿´µ½ÍøÕ¾±»¹ÒÂí¡¢Ö÷Ò³±»Ð޸ĵÄÐÂÎÅ£¬ÆäʵÕâЩÎÊÌâ¿ÉÄÜÊǶ෽ÃæµÄ£¬·þÎñÆ÷£¬ÍøÕ¾³ÌÐòµÈµÈ¡£¡£¡£µ«ÊÇÏÖÔÚÒç³öÒѾ­±»ÈËÃÇÖØÊӺͷþÎñÆ÷µÄ²»¶ÏÍêÉÆ£¬·þÎñÆ÷ϵͳ©¶´Ò²²»ÊÇÄÇôÈÝÒ×·¢¾ò£¬µ±È»Ò²Òª±£Ö¤µÚÈý·½µÄÈí¼þ°²È«¡£
×öÏîÄ¿Ò²ÓÐÒ»¶Îʱ¼äÁË¡£ÔÚ³ÌÐòÖÐÒ²Óöµ½ºÜ¶à°²È«·½ÃæµÄÎÊÌâ¡£Ò²¸Ã×ܽáÒ»ÏÂÁË¡£Õâ¸öÏîÄ¿ÊÇÒ»¸öCMSϵͳ¡£ÏµÍ³ÊÇÓÃASP.NET×öµÄ¡£¿ª·¢µÄʱºò·¢ÏÖ΢Èí×öÁ˺ܶలȫ´ëÊ©£¬Ö»ÊÇÓÐЩÐÂÊÖ³ÌÐòÔ±²»ÖªµÀÔõô¿ªÆô¡£ÏÂÃæÎÒͨ¹ý¼¸¸ö·½Ãæ¼òµ¥½éÉÜ£º
£±£ºSQL ×¢Èë
£²£ºXSS
£³£ºCSRF
£´£ºÎļþÉÏ´«
£±£ºSQL ×¢Èë
ÒýÆðÔ­Òò£º
ÆäʵÏÖÔںܶàÍøÕ¾Öж¼´æÔÚÕâÖÖÎÊÌâ¡£¾ÍÊdzÌÐòÖÐÖ±½Ó½øÐÐSQLÓï¾äÆ´½Ó¡£¿ÉÄÜÓÐЩ¶ÁÕß²»Ì«Ã÷°×¡£ÏÂÃæͨ¹ýÒ»¸öµÇ¼ʱ¶ÔÓû§ÑéÖ¤À´ËµÃ÷£º
code:
     Ñé֤ʱµÄsqlÓï¾ä: select * from where user='"+txtUsername.Text+"' and pwd='"+txtPwd.Text+"'
ÕâÊÇÒ»¶Î´ÓÊý¾Ý¿âÖвéѯÓû§£¬¶ÔÓû§Ãû£¬ÃÜÂëÑéÖ¤¡£
¿´ÉÏÈ¥ºÃÏóûÓÐʲôÎÊÌ⣬µ«ÊÇʵ¼ÊÕâÀïÃædz²Ø×ÅÎÊÌ⣬Óû§Ãû£ºadmin ÃÜÂ룺 admin£¬
select * from where user='admin' and pwd='admin'
Èç¹ûÓû§ºÍÃÜÂëÕýÈ·¾Í¿ÉͨÑéÖ¤¡£Èç¹ûÎÒÓû§Ãû£ºasdf' or 1=1 -- ÃÜÂ룺ËæÒâÊäÈë.
ÎÒÃÇÔÙÀ´¿´Óï¾ä£º
select * from where user=‘asdf' or 1=1 -- and pwd=''
Ö´Ðк󿴵½Ê²Ã´£¿ÊDz»ÊÇËùÓмǼ£¬Èç¹û³ÌÐòÖ»ÊǼòµ¥ÅжϷµ»ØµÄÌõÊý£¬ÕâÖÖ·½·¨¾Í¿ÉÒÔͨÑéÖ¤¡£
Èç¹ûÖ´ÐÐÓï¾äÊÇSAÓû§£¬ÔÙͨ¹ýxp_cmdshellÌí¼Óϵͳ¹ÜÀíÔ±£¬ÄÇôÕâ¸ö·þÎñÆ÷¾Í±»ÄÃÏÂÁË¡£
½â¾ö·½·¨£º
£¨£±£©£ºÕâ¸öÎÊÌâÖ÷ÒªÊÇÓÉÓÚ´«ÈëÌØÊâ×Ö·ûÒýÆðµÄÎÒÃÇ¿ÉÒÔÔÚ¶ÔÊäÈëµÄÓû§ÃûÃÜÂë½øÈë¹ýÂËÌØÊâ×Ö·û´¦Àí¡£
£¨£²£©£ºÊ¹Óô洢¹ý³Ìͨ¹ý´«Èë²ÎÊýµÄ·½·¨¿É½â¾ö´ËÀàÎÊÌ⣨עÒ⣺ÔÚ´æ´¢¹ý³ÌÖв»¿ÉʹÓÃÆ´½ÓʵÏÖ£¬²»È»ºÍûÓô洢¹ýºÍÊÇÒ»ÑùµÄ£©¡£
£²£ºXSS£¨¿çÕ¾½Å±¾¹¥»÷£©
ÒýÆðÔ­Òò£º
Õâ¸öÒ²ÓÐʱ±»ÈËÃdzÆ×÷HTML×¢È룬ºÍsql×¢ÈëÔ­ÀíÏàËÆ£¬Ò²ÊÇûÓÐÌØÊâ×Ö·û½øÐд¦Àí¡£ÊÇÓû§¿ÉÒÔÌá½»HTML±êÇ©¶ÔÍøÕ¾½øÐÐÖØÐµĹ¹Ôì¡£ÆäʵÔÚĬÈϵÄÇé¿öÏÂÔÚasp.netÍøÒ³ÖÐÊÇ¿ªÆôvalidateRequestÊôÐԵģ¬ËùÓÐHTML±êÇ©ºó»á.NET¶¼»áÑéÖ¤£º
µ«ÕâÑùÖ±½Ó°ÑÒì³£Å׸øÓû§£¬¶àÉÙÓû§ÌåÑé¾Í²»ºÃ¡£
½â¾ö·½·¨£º
£¨£±£©£ºÍ¨¹ýÔÚ Page Ö¸Áî»ò ÅäÖýÚÖÐÉèÖà validateRequest=false ½ûÓÃÇëÇóÑéÖ¤£¬È»ºóÎÒÃǶÔÓû§Ìá½»µÄÊý¾Ý½øÐÐHtmlEncode,±àÂëºóµÄ¾Í²»»á³öÏÖÕâÖÖÎÊÌâÁË£¨ASP.NET ÖбàÂë·½·¨£ºServer.HtmlEncode(string)£©¡£
£¨£²£©£ºµ