不过也多亏这注入,让我知道怎么简单的分析IIS日志了,呵呵,原来只要ctrl+f查找20%字符串就行,查到到如下东西
/forum/show.aspx titleid=318
&caid
=20%20And%20Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00)%20as%20varchar(1))%2Bchar(124)=1 80 - 117.32.250.106 Mozilla/4.0 302 0 0
呵呵,原来show.aspx这个页面没有经过验证,赶快补上。。。
然后自己用.NET做了个检测数据库中的表中的字段中的内容有没有注入脚本的页面,看来以后每天都得要运行这个页面检测一次哦!!!
using
System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Data;
public partial class niunantest : System.Web.UI.Page
{
protected void Page_Load( object sender, EventArgs e)
{
}
protected void Button1_Click( object sender, EventArgs e)
{
string sql_tbName =
" SELECT name FROM sysobjects " +
" WHERE xtype = 'U' AND OBJECTPROPERTY (id, 'IsMSShipped') = 0 " +
" order by name " ;
// 获取数据库中所有的用户表
DataTable dt_tbName = myClass.myDataGet.getTable(sql_tbName);
foreach (DataRow row in dt_tbName.Rows)
{
string tbName = row[ " name " ].ToString();
string sql_tbColName =
" select column_name,data_type from information_schema.columns " +
" where table_name =' " + tbName + " ' " ;
// 获取表中所有的字段
DataTable dt_tbColName = myClass.myDataGet.getTable(sql_tbColName);
foreach (DataRow row2 in dt_tbColName.Rows)
{
string tbColName = row2[ " column_name " ].ToString();
string tbColType = row2[ " data_type " ].ToString();
if (tbColType == " char " || tbColType == " nchar " || tbColType == " varchar "
|| tbColType == " nvarchar " || tbColType == " text " )
{
string sql_count =
" select COUNT(*) from [ " + tbName + " ] where [ " + tbColName + " ] like '%<script%' " ;
// 判断该表该字段中是否含有script脚本
int count = int .Parse(myClass.myDataGet.getDataScalar(sql_count).ToString());
if (count > 0 )
{
Response.Write(tbName + " 表中的 " + tbColName +
" 字段含有脚本!<br>SQL语句:<span style='color:blue;'> " + HttpUtility.HtmlEncode(sql_count) + " </span><br><br> " );
}
}
}
}
}
}
把代码记录下来,以备后用!
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Data;
public partial class niunantest : System.Web.UI.Page
{
protected void Page_Load( object sender, EventArgs e)
{
}
protected void Button1_Click( object sender, EventArgs e)
{
string sql_tbName =
" SELECT name FROM sysobjects " +
" WHERE xtype = 'U' AND OBJECTPROPERTY (id, 'IsMSShipped') = 0 " +
" order by name " ;
// 获取数据库中所有的用户表
DataTable dt_tbName = myClass.myDataGet.getTable(sql_tbName);
foreach (DataRow row in dt_tbName.Rows)
{
string tbName = row[ " name " ].ToString();
string sql_tbColName =
" select column_name,data_type from information_schema.columns " +
" where table_name =' " + tbName + " ' " ;
// 获取表中所有的字段
DataTable dt_tbColName = myClass.myDataGet.getTable(sql_tbColName);
foreach (DataRow row2 in dt_tbColName.Rows)
{
string tbColName = row2[ " column_name " ].ToString();
string tbColType = row2[ " data_type " ].ToString();
if (tbColType == " char " || tbColType == " nchar " || tbColType == " varchar "
|| tbColType == " nvarchar " || tbColType == " text " )
{
string sql_count =
" select COUNT(*) from [ " + tbName + " ] where [ " + tbColName + " ] like '%<script%' " ;
// 判断该表该字段中是否含有script脚本
int count = int .Parse(myClass.myDataGet.getDataScalar(sql_count).ToString());
if (count > 0 )
{
Response.Write(tbName + " 表中的 " + tbColName +
" 字段含有脚本!<br>SQL语句:<span style='color:blue;'> " + HttpUtility.HtmlEncode(sql_count) + " </span><br><br> " );
}
}
}
}
}
}
扫一扫
1248
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
