首先,创建一个SQLInjectionHelper类完成恶意代码的检查
代码如下:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text.RegularExpressions;
/// <summary>
///SQLInjectionHelper 的摘要说明
/// </summary>
public
class
SQLInjectionHelper
{
/// <summary>
/// 获取Post的数据
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public
static
bool ValidUrlData(string request)
{
bool result = false;
if
(request ==
"POST"
)
{
for
(int i = 0; i < HttpContext.Current.Request.Form.
Count
; i++)
{
result = ValidData(HttpContext.Current.Request.Form[i].ToString());
if
(result)
{
break
;
}
}
}
else
{
for
(int i = 0; i < HttpContext.Current.Request.QueryString.
Count
; i++)
{
result = ValidData(HttpContext.Current.Request.QueryString[i].ToString());
if
(result)
{
break
;
}
}
}
return
result;
}
/// <summary>
/// 验证是否存在注入代码
/// </summary>
/// <param name="inputData"></param>
/// <returns></returns>
private
static
bool ValidData(string inputData)
{
//验证inputData是否包含恶意集合
if
(Regex.IsMatch(inputData, GetRegexString()))
{
return
true;
}
else
{
return
false;
}
}
/// <summary>
/// 获取正则表达式
/// </summary>
/// <returns></returns>
private
static
string GetRegexString()
{
//构造SQL的注入关键字符
string[] strChar = {
"and"
,
"exec"
,
"insert"
,
"select"
,
"update"
,
"delete"
,
"count"
,
"from"
,
"drop"
,
"asc"
,
"or"
,
"char"
,
"%"
,
";"
,
":"
,
"\'"
,
"\""
,
"-"
,
"chr"
,
"master"
,
"mid"
,
"truncate"
,
"declare"
,
"char"
,
"SiteName"
,
"/add"
,
"xp_cmdshell"
,
"net user"
,
"net localgroup administrators"
,
"exec master.dbo.xp_cmdshell"
};
string str_Regex =
".*("
;
for
(int i = 0; i < strChar.Length - 1; i++)
{
str_Regex += strChar[i] +
"|"
;
}
str_Regex += strChar[strChar.Length - 1] +
").*"
;
return
str_Regex;
}
}
|
有此类后即可使用Global.asax中的Application_BeginRequest(object sender, EventArgs e)事件来实现表单或者URL提交数据的获取,获取后传给SQLInjectionHelper类ValidUrlData方法来完成检查
代码如下
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
protected
void Application_BeginRequest(object sender, EventArgs e)
{
bool result = false;
result = SQLInjectionHelper.ValidUrlData(Request.RequestType.ToUpper());
if
(result)
{
Response.Write(
"您提交的数据有恶意字符"
);
Response.
End
();
}
}
|
下面以一个小程序测试:
创建一个页面,如下
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
<%@ Page Language=
"C#"
AutoEventWireup=
"true"
CodeFile=
"Default.aspx.cs"
Inherits=
"_Default"
%>
<!DOCTYPE html PUBLIC
"-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"
>
<head runat=
"server"
>
<title></title>
</head>
<body>
<form id=
"form1"
runat=
"server"
>
<div>
<asp:TextBox ID=
"TextBox1"
runat=
"server"
></asp:TextBox>
<br />
<asp:Button ID=
"btnPost"
runat=
"server"
Text=
"获取Post数据"
onclick=
"btnPost_Click"
/>
</div>
<asp:Button ID=
"btnGet"
runat=
"server"
Text=
"获取Get数据"
onclick=
"btnGet_Click"
/>
</form>
</body>
</html>
|
分别添加单击事件,如下
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
|
protected
void btnPost_Click(object sender, EventArgs e)
{
}
protected
void btnGet_Click(object sender, EventArgs e)
{
Response.Redirect(
"Default.aspx?a=1&b=2&c=3"
);
}
|
在文本框中输入非法字符串,无论post请求还是get请求,都会被防SQL注入程序所截获
图1 测试防SQL注入程序的页面
转载于:http://www.cnblogs.com/shouce/p/5309538.html
2322
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
