Preventing SQL Injection Attacks
An SQL injection attack exploits a design flaw to run SQL commands on the target server and to carry out other kinds of attack. The main reason SQL injection succeeds is that user-supplied data is not validated when SQL commands are generated dynamically.
For example:
If your query statement is select * from admin where
username="&user&" and password="&pwd&""
then, if my user name is: 1 or 1=1
your query statement becomes:
select * from admin
where username=1 or 1=1 and password="&pwd&""
This way your query statement passes, and one can get into your administration interface.
So, as a defence, user input needs to be checked. In particular, special characters such as the single quote, double quote, semicolon, comma, colon and hyphen should be converted or filtered out.
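As an added example (not part of the original article), the Python code below uses an in-memory SQLite table as a stand-in for the article's admin table. It shows the input 1 or 1=1 changing the logic of a concatenated query, next to the same lookup with bound parameters. The function names, the sample rows and the use of Python with sqlite3 are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data standing in for the article's `admin` table.
    # Plaintext passwords only keep the demo short; store salted hashes in practice.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    db.executemany("INSERT INTO admin VALUES (?, ?)",
                   [("root", "s3cret-sample"), ("ops", 'p"a:s;s')])
    return db

def login_concat(db, user, pwd):
    # Vulnerable pattern, same shape as the article's query: the user name is
    # pasted into the SQL text unquoted, so it is parsed as SQL, not as a value.
    sql = ("SELECT username FROM admin WHERE username=" + user +
           " AND password='" + pwd + "'")
    return [row[0] for row in db.execute(sql)]

def login_param(db, user, pwd):
    # Hardened: the statement text is fixed and the driver binds both inputs
    # as values, so quotes, colons or semicolons in them cannot alter the query.
    sql = "SELECT username FROM admin WHERE username=? AND password=?"
    return [row[0] for row in db.execute(sql, (user, pwd))]

if __name__ == "__main__":
    db = make_db()
    # AND binds tighter than OR, so the concatenated clause is evaluated as
    # username=1 OR (1=1 AND password=...): the user name is no longer checked.
    print(login_concat(db, "1 or 1=1", "s3cret-sample"))
    # Bound as a value, the same input is just a user name that does not exist.
    print(login_param(db, "1 or 1=1", "s3cret-sample"))
    # Characters from the article's filter list are stored and matched as data.
    print(login_param(db, "ops", 'p"a:s;s'))
```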
The special characters and strings that need to be filtered include:
    net user
    xp_cmdshell
    /add
    exec master.dbo.xp_cmdshell
    net localgroup administrators
    select
    count
    Asc
    char
    mid
    :
    "
    insert
    delete from
    drop table
    update
    truncate
    from
    %
Below is defensive code against injection attacks, for everyone to study and reference!
JavaScript version of the code for preventing SQL injection attacks:
<script language="javascript">
<!--
// Check the query string of the current URL for the filtered keywords and characters.
var url = location.search;
var re = /^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20|truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\|%20or%20)(.*)/gi;
var e = re.test(url);
if (e) {
    // The message reads: "The address contains illegal characters~"
    alert("地址中含有非法字符～");
    location.href = "error.asp";
}
//-->
</script>
ASP version of the code for preventing SQL injection attacks:
<%
On Error Resume Next
Dim strTemp
' Rebuild the scheme, host and port of the requested URL.
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
    strTemp = "http://"
Else
    strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERV