×î½ü·¢ÏÖÎÒÃǹ«Ë¾µÄASP.NETµÄ´úÂëÓÐÆ´½ÓSQLÓï¾äµÄÏ°¹ß£¡ÕâÊǷdz£Î£Ïյġ£ÒÔÏÂÎÒ¾ÙÀý˵Ã÷Ò»ÏÂ
Àý×Ó1£º
statement := "SELECT * from users WHERE name = '" + userName + "'; "
½«Óû§Ãû±äÁ¿(¼´username)ÉèÖÃΪ£º
a' or 't'='t£¬´ËʱÔʼÓï¾ä·¢ÉúÁ˱仯£º
SELECT * from users WHERE name = 'a' OR 't'='t';
Èç¹ûÕâÖÖ´úÂë±»ÓÃÓÚÒ»¸öÈÏÖ¤¹ý³Ì£¬ÄÇôÕâ¸öÀý×Ó¾ÍÄܹ»Ç¿ÆÈÑ¡ÔñÒ»¸öºÏ·¨µÄÓû§Ãû£¬ÒòΪ¸³Öµ't'='tÓÀÔ¶ÊÇÕýÈ·µÄ¡£
Àý×Ó2£º
a'; DROP TABLE users; SELECT * from data WHERE name LIKE '%
Õâ¾Í½«×îÖÕµÄSQLÓï¾ä±ä³ÉÏÂÃæÕâ¸öÑù×Ó£º
SELECT * from users WHERE name = 'a'; DROP TABLE users; SELECT * from DATA WHERE name LIKE '%';
½«»áÔì³ÉÊý¾Ý¿â±í±»É¾³ýµÄÑÏÖغó¹û¡£
ËùÒÔÇ¿ÁÒ½¨Òé´ó¼ÒÍ£Ö¹SQLÓï¾äÆ´½Ó£¨ÌرðÊÇÍøÕ¾Ó¦Óã©£¬²ÉÓôø²ÎÊý»¯´æ´¢¹ý³Ì¡£
¶ÔÓÚÒѾÍê³ÉµÄASP.NETÍøÕ¾Ó¦Óã¬Éè¼ÆÐ޸ĴúÂëÌ«¶àµÄ£¬¿ÉÒÔ¿¼ÂǼÓÈëÈçÏ´úÂë´¦Àíһϣ¬±ÜÃâ±»ÑÏÖØ×¢Èë¹¥»÷¡£¿ÉÒÔͨ¹ýÔÚGlobal.asax.csÎļþÖÐÌí¼Ó¹ýÂ˹ؼü×ֵķ½·¨À´ÊµÏÖ ·ÀÖ¹ sql ×¢Èë¹¥»÷£¨sql injection£©,´úÂëÈçÏ¡£
/// <summary>
/// µ±ÓÐÊý¾Ýʱ½»Ê±£¬´¥·¢Ê¼þ
/// </summary>
/// <param name="sender"> </param>
/// <param name="e"> </param>
protected void Application_BeginRequest(Object sender, EventArgs e)
{
//±éÀúPost²ÎÊý£¬Òþ²ØÓò³ýÍâ
foreach (string i in this.Request.Form)
{
if (i == "__VIEWSTATE") continue;
this.goErr(this.Request.Form.ToString());
}
//±éÀúGet²ÎÊý¡£
foreach (string i in this.Request.QueryString)
{
this.goErr(this.Request.QueryString.ToString());
}
}
///<summary>
///SQL×¢Èë¹ý
