MSSQL 网站项目被 注入 的主要表现为:在 数据库 字段中加入了script src=http://aaa.bbb.ccc/js.js /script 类似这样的一段代码。 数据库 典型的JS 注入 。 主要原因为3 1、攻击者获得SQLServer的读写权限,直接操作 数据库 进行 注入 解决方式 sql2000做法
MSSQL 网站项目被注入的主要表现为:在数据库字段中加入了 类似这样的一段代码。数据库典型的JS注入。
主要原因为3
1、攻击者获得SQLServer的读写权限,直接操作数据库进行注入
解决方式
sql2000做法:
1.不要使用sa用户连接数据库
2、新建一个public权限数据库用户,并用这个用户访问数据库
3、[角色]去掉角色public对sysobjects与syscolumns对象的select访问权限
4、[用户]用户名称-> 右键-属性-权限-在sysobjects与syscolumns上面打“×”
5、通过以下代码检测(失败表示权限正确,如能显示出来则表明权限太高):
DECLARE @T varchar(255),
@C varchar(255)
DECLARE Table_Cursor CURSOR FOR
Select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype= 'u ' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN print @c
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
sql2005做法:
1、在系统视图找到sysobjects a,syscolumns b ,属性,进入权限,找到SELECT后面拒绝打勾即可。
2、通过字符串进行注入。
解决方式:
凡是输入字符串全部格式化,过滤JS语句以及SQLServer关键字
1、字符串过滤JS代码先
代码
#region 过滤JS/CSS脚本
///
/// 过滤JS脚本
///
///要过滤的内容
///
///<script><frameset></script>
///
/// img的攻击样式为 
等,所以去掉所有的javascript代码
publicstaticstring WipeScript(string html)
{
if (string.IsNullOrEmpty(html)) return html;
System.Text.RegularExpressions.Regex regex =new System.Text.RegularExpressions.Regex(@"<script></script>", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex.Replace(html, ""); //过滤<script></script>标记
System.Text.RegularExpressions.Regex regex1 =new System.Text.RegularExpressions.Regex(@" href *= *[\s\S]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex1.Replace(html, ""); //过滤href=javascript: () 属性
System.Text.RegularExpressions.Regex regex2 =new System.Text.RegularExpressions.Regex(@" on[\s\S]*=", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex2.Replace(html, " _disibledevent="); //过滤其它控件的on...事件
System.Text.RegularExpressions.Regex regex3 =new System.Text.RegularExpressions.Regex(@"", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex3.Replace(html, ""); //过滤iframe
System.Text.RegularExpressions.Regex regex4 =new System.Text.RegularExpressions.Regex(@"", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex4.Replace(html, ""); //过滤frameset
System.Text.RegularExpressions.Regex regex5 =new System.Text.RegularExpressions.Regex(@"javascript:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex5.Replace(html, ""); //过滤所有javascript
System.Text.RegularExpressions.Regex regex6 =new System.Text.RegularExpressions.Regex(@":*expression", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex6.Replace(html, ""); //过滤所有javascript
System.Text.RegularExpressions.Regex regex7 =new System.Text.RegularExpressions.Regex(@"", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex7.Replace(html, ""); //
System.Text.RegularExpressions.Regex regex8 =new System.Text.RegularExpressions.Regex(@" src *= *[\s\S]*script *:", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex1.Replace(html, ""); //过滤src=javascript: (
System.Text.RegularExpressions.Regex regex9 =new System.Text.RegularExpressions.Regex(@"", System.Text.RegularExpressions.RegexOptions.IgnoreCase);
html = regex3.Replace(html, ""); //过滤applet,放弃对applet的支持
return html;
}
#endregion
2、字符串过滤SQLServer关键词
代码
//删除与数据库相关的词
Htmlstring = Regex.Replace(Htmlstring, "select", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "insert", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "delete from", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "count''", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "drop table", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "truncate", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "asc", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "mid", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "char", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "xp_cmdshell", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "exec master", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "net localgroup administrators", "", RegexOptions.IgnoreCase);
Htmlstring = Regex.Replace(Htmlstring, "and", "", RegexOptions.IgnoreCase);
3、传值字符串过滤SQLServer关键词
代码
protectedvoid Application_BeginRequest(Object sender, EventArgs e)
{
//SQL防注入
string Sql_1 ="exec|insert+|select+|delete+|update+|count|chr|mid|master+|truncate|char|declare|drop+|drop+table|creat+|creat+table";
string Sql_2 ="exec+|insert|insert+|delete+|update+|count(|count+|chr+|+mid(|+mid+|+master+|truncate+|char+|+char(|declare+|drop+|creat+|drop+table|creat+table";
string[] sql_c = Sql_1.Split('|');
string[] sql_c1 = Sql_2.Split('|');
if (Request.QueryString !=null)
{
foreach (string sl in sql_c)
{
if (Request.QueryString.ToString().ToLower().IndexOf(sl.Trim()) >=0)
{
Response.Write("警告!你的IP已经被记录!不要使用敏感字符!");//
Response.Write(sl);
Response.Write(Request.QueryString.ToString());
Response.End();
break;
}
}
}
if (Request.Form.Count >0)
{
string s1 = Request.ServerVariables["SERVER_NAME"].Trim();//服务器名称
if (Request.ServerVariables["HTTP_REFERER"] !=null)
{
string s2 = Request.ServerVariables["HTTP_REFERER"].Trim();//http接收的名称
string s3 ="";
if (s1.Length > (s2.Length -7))
{
s3 = s2.Substring(7);
}
else
{
s3 = s2.Substring(7, s1.Length);
}
if (s3 != s1)
{
Response.Write("警告!你的IP已经被记录!不要使用敏感字符!");//
Response.End();
}
}
}
}
3、获取web.config的数据连接字符串
解决方式:web.config进行加密
asp.net 2.0 加密web.config
aspnet_regiis -pe "connectionStrings" -app "/xx" (xx为应用程序名)
解密:aspnet_regiis -pd "connectionStrings" -app "/xx"
加密后,web.config如图:
解密后,如图:
加密后的web.config程序可正常访问,且解密与加密必须在同一机器才有效(A机器上加密的web.config只有在A机器才可解密)。
能想到的就是这些,后面再发生问题,再不断完善。请列位同仁不断指正。
Explain the ACID properties (Atomicity, Consistency, Isolation, Durability).Apr 16, 2025 am 12:20 AMACID attributes include atomicity, consistency, isolation and durability, and are the cornerstone of database design. 1. Atomicity ensures that the transaction is either completely successful or completely failed. 2. Consistency ensures that the database remains consistent before and after a transaction. 3. Isolation ensures that transactions do not interfere with each other. 4. Persistence ensures that data is permanently saved after transaction submission.
MySQL: Database Management System vs. Programming LanguageApr 16, 2025 am 12:19 AMMySQL is not only a database management system (DBMS) but also closely related to programming languages. 1) As a DBMS, MySQL is used to store, organize and retrieve data, and optimizing indexes can improve query performance. 2) Combining SQL with programming languages, embedded in Python, using ORM tools such as SQLAlchemy can simplify operations. 3) Performance optimization includes indexing, querying, caching, library and table division and transaction management.
MySQL: Managing Data with SQL CommandsApr 16, 2025 am 12:19 AMMySQL uses SQL commands to manage data. 1. Basic commands include SELECT, INSERT, UPDATE and DELETE. 2. Advanced usage involves JOIN, subquery and aggregate functions. 3. Common errors include syntax, logic and performance issues. 4. Optimization tips include using indexes, avoiding SELECT* and using LIMIT.
MySQL's Purpose: Storing and Managing Data EffectivelyApr 16, 2025 am 12:16 AMMySQL is an efficient relational database management system suitable for storing and managing data. Its advantages include high-performance queries, flexible transaction processing and rich data types. In practical applications, MySQL is often used in e-commerce platforms, social networks and content management systems, but attention should be paid to performance optimization, data security and scalability.
SQL and MySQL: Understanding the RelationshipApr 16, 2025 am 12:14 AMThe relationship between SQL and MySQL is the relationship between standard languages and specific implementations. 1.SQL is a standard language used to manage and operate relational databases, allowing data addition, deletion, modification and query. 2.MySQL is a specific database management system that uses SQL as its operating language and provides efficient data storage and management.
Explain the role of InnoDB redo logs and undo logs.Apr 15, 2025 am 12:16 AMInnoDB uses redologs and undologs to ensure data consistency and reliability. 1.redologs record data page modification to ensure crash recovery and transaction persistence. 2.undologs records the original data value and supports transaction rollback and MVCC.
What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?Apr 15, 2025 am 12:15 AMKey metrics for EXPLAIN commands include type, key, rows, and Extra. 1) The type reflects the access type of the query. The higher the value, the higher the efficiency, such as const is better than ALL. 2) The key displays the index used, and NULL indicates no index. 3) rows estimates the number of scanned rows, affecting query performance. 4) Extra provides additional information, such as Usingfilesort prompts that it needs to be optimized.
What is the Using temporary status in EXPLAIN and how to avoid it?Apr 15, 2025 am 12:14 AMUsingtemporary indicates that the need to create temporary tables in MySQL queries, which are commonly found in ORDERBY using DISTINCT, GROUPBY, or non-indexed columns. You can avoid the occurrence of indexes and rewrite queries and improve query performance. Specifically, when Usingtemporary appears in EXPLAIN output, it means that MySQL needs to create temporary tables to handle queries. This usually occurs when: 1) deduplication or grouping when using DISTINCT or GROUPBY; 2) sort when ORDERBY contains non-index columns; 3) use complex subquery or join operations. Optimization methods include: 1) ORDERBY and GROUPB
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.
WebStorm Mac version
Useful JavaScript development tools
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
