ASP.NET SQL ×¢Èë½â¾ö·½°¸
ÈκÎÒ»ÖÖʹÓÃÊý¾Ý¿âweb³ÌÐò£¨µ±È»£¬Ò²°üÀ¨×ÀÃæ³ÌÐò£©¶¼Óб»SQL×¢ÈëµÄ·çÏÕ¡£·ÀÖ¹±»SQL×¢È룬×î»ù±¾µÄ·½·¨ÊÇÔÚ´úÂ뼶±ð¾ÍÒª×èÖ¹ÕâÖÖ¿ÉÄÜ£¬Õâ¸öÍøÉϽ²µÄºÜ¶à£¬ÎҾͲ»¶à˵ÁË¡£²»¹ýÈç¹ûÄãÄõ½µÄÊÇÒ»¸öÒѾÍ깤µÄ²úÆ·£¬Õâ¸öʱºò¸ÃÈçºÎ½â¾öÄØ£¿ÎÒ½éÉܼ¸ÖÖ¶ÔÓÚASPºÍASP.NETÓÐЧµÄ·ÀÖ¹SQL×¢ÈëµÄ·½°¸£¬¶øÇÒÊÇÃâ·ÑµÄ¡£
UrlScan 3.1
UrlScan 3.1ÊÇÒ»¸ö°²È«·½ÃæµÄ¹¤¾ß£¬Î¢Èí¹Ù·½µÄ¶«Î÷¡£Ëü»á¼ì²éËùÓÐIIS´¦ÀíµÄHTTPÇëÇó¡£UrlScan ¿ÉÒÔÔÚÓа²È«ÎÊÌâµÄHTTPÇëÇóµ½´ïÓ¦ÓóÌÐò֮ǰ¾Í×èÖ¹Õâ¸öÇëÇó¡£UrlScan 3.1 ÊÇUrlScan 2.5µÄÒ»¸öÉý¼¶°æ±¾£¬Ö§³ÖWindows Vista ºÍWindows Server 2008ϵͳ֮ÉϵÄIIS 5.1, IIS 6.0 ºÍ IIS 7.0¡£
Á´½ÓµØÖ·£ºhttp://www.iis.net/expand/UrlScan ÕâÀﻹÓкܶà·Ç³£ÓÐÓõÄIISÀ©Õ¹£¬¿ÉÒÔ¿´¿´¡£
IIS 6 SQL Injection Sanitation ISAPI Wildcard
Õâ¸öISAPI dll Ò²ÊÇͨ¹ý¼ì²éHTTPÇëÇó±ÜÃâSQL×¢Èë¡£Ö»¼æÈÝwindows 2003É쵀 IIS 6.0¡£¶ÔÓÚWindows XP É쵀 IIS 5 ²»Ö§³Ö¡£
ÕâÊÇÒ»¸ö¿ªÔ´ÏîÄ¿£ºhttp://www.codeplex.com/IIS6SQLInjection
ת×Ô:http://www.cnblogs.com/DotNetNuke/archive/2009/12/30/1635758.html
Ïà¹ØÎĵµ£º
×÷Õß
£º
Takayuki Hoshino
׫¸åÈË
£º
Juergen Thomas
¼¼
Êõ
ÉóÔÄÈË
£º
Sanjay Mishra
SQL Server Ϊ SAP Ó¦ÓóÌÐòÌṩÁË׿ԽµÄÊý¾Ý¿âƽ̨¡£ÏÂÁн¨Òé¸ÅÊöÁËÕë¶Ô SAP ʵÏÖά»¤ SQL Server Êý¾Ý¿âµÄ×î¼Ñ×ö·¨¡£
ÿÌìÖ´ÐÐÍêÕûÊý¾Ý¿â±¸·Ý
´Ó
¼¼Êõ½Ç¶ÈÀ´Ëµ£¬Áª»ú±¸·Ý SAP Êý¾Ý¿â²»³ÉÎÊÌâ¡£ÕâÒâζ×Å£¬×îÖ ......
ÔÎĵØÖ·:http://hi.baidu.com/%BC%D9%BA%EC%D2%B6%CE%E8%CE%F7%B7%E7/blog/item/81f35da209e287abcbefd005.html
1. ʲôÊÇSQL×¢Èë
ËùνSQL×¢È룬¾ÍÊÇͨ¹ý°ÑSQLÃüÁî²åÈëµ½Web±íµ¥µÝ½»»òÊäÈëÓòÃû»òÒ³ÃæÇëÇóµÄ²éѯ×Ö·û´®£¬×îÖÕ´ïµ½ÆÛÆ·þÎñÆ÷Ö´ÐжñÒâµÄSQLÃüÁͨ¹ýµÝ½»²ÎÊý¹¹ÔìÇÉÃîµÄSQLÓï¾ä£¬´Ó¶ø³É¹¦»ñÈ¡ÏëÒªµÄÊý¾Ý¡£
......
SqlCommand com = new SqlCommand("select * from myuser where username=@UserName and password=@Pwd", con);
com.Parameters.Add(new SqlParameter("@UserN ......
using System;
using System.Collections.Generic;
using System.Text;
using System.Web;
namespace pub.mo
{
public class request
{
private request() { }
/// <summary>
/// »ñÈ¡session
/// </summary>
/// <param name="_session_name" ......
asp.netÓÐʱºò³£³£Ó÷þÎñÆ÷°ó¶¨¿Ø¼þÓÐЩÂé·³...
´úÂëÓÐЩÔÓ....
using System;
using System.Web.UI.WebControls;
using System.Data;
using System.Web.UI.HtmlControls;
using System.Collections.Generic;
using System.Web;
using System.Text;
namespace pub.mo
{
public class bind
{
p ......