·À·¶SQL×¢Èëʽ¹¥»÷
SQL×¢Èëʽ¹¥»÷ÊÇÀûÓÃÊÇÖ¸ÀûÓÃÉè¼ÆÉϵÄ©¶´£¬ÔÚÄ¿±ê·þÎñÆ÷ÉÏÔËÐÐSqlÃüÁîÒÔ¼°½øÐÐÆäËû·½Ê½µÄ¹¥»÷¶¯Ì¬Éú³ÉSqlÃüÁîʱûÓжÔÓû§ÊäÈëµÄÊý¾Ý½øÐÐÑéÖ¤ÊÇSql×¢Èë¹¥»÷µÃ³ÑµÄÖ÷ÒªÔÒò¡£
±ÈÈ磺
Èç¹ûÄãµÄ²éѯÓï¾äÊÇselect * from admin where username="&user&" and password="&pwd&""
ÄÇô£¬Èç¹ûÎÒµÄÓû§ÃûÊÇ£º1 or 1=1
ÄÇô£¬ÄãµÄ²éѯÓï¾ä½«»á±ä³É£º
select * from admin where username=1 or 1=1 and password="&pwd&""
ÕâÑùÄãµÄ²éѯÓï¾ä¾Íͨ¹ýÁË£¬´Ó¶ø¾Í¿ÉÒÔ½øÈëÄãµÄ¹ÜÀí½çÃæ¡£
ËùÒÔ·À·¶µÄʱºòÐèÒª¶ÔÓû§µÄÊäÈë½øÐмì²é¡£ÌرðʽһЩÌØÊâ×Ö·û£¬±ÈÈçµ¥ÒýºÅ£¬Ë«ÒýºÅ£¬·ÖºÅ£¬¶ººÅ£¬Ã°ºÅ£¬Á¬½ÓºÅµÈ½øÐÐת»»»òÕß¹ýÂË¡£
£¨³ýÁËÉÏÃæµÄ·½Ê½Í⻹¿ÉÒÔͨ¹ý´æ´¢¹ý³ÌÀ´·À·¶SQL×¢Èë¹¥»÷£©
ÐèÒª¹ýÂ˵ÄÌØÊâ×Ö·û¼°×Ö·û´®ÓУº
¡¡¡¡ net user
¡¡¡¡ xp_cmdshell
¡¡¡¡ /add
¡¡¡¡ exec master.dbo.xp_cmdshell
¡¡¡¡ net localgroup administrators
¡¡¡¡ select
¡¡¡¡ count
¡¡¡¡ Asc
¡¡¡¡ char
¡¡¡¡ mid
¡¡¡¡
¡¡¡¡ :
¡¡¡¡ "
¡¡¡¡ insert
¡¡¡¡ delete from
¡¡¡¡ drop table
¡¡¡¡ update
¡¡¡¡ truncate
¡¡¡¡ from
¡¡¡¡ %
ÏÂÃæ¹ØÓÚ½â¾ö×¢Èëʽ¹¥»÷µÄ·À·¶´úÂ룬¹©´ó¼Òѧϰ²Î¿¼£¡
js°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂ룺
¡¡¡¡
<script language="javascript">
<!--
var url = location.search;
var re=/^\?(.*)(select%20|insert%20|delete%20from%20|count\(|drop%20table|update%20truncate%20|asc\(|mid\(|char\(|xp_cmdshell|exec%20master|net%20localgroup%20administrators|\"|:|net%20user|\|%20or%20)(.*)$/gi;
var e = re.test(url);
if(e) {
alert("µØÖ·Öк¬ÓзǷ¨×Ö·û¡«");
location.href="error.asp";
}
//-->
<script>
asp°æµÄ·À·¶SQL×¢Èëʽ¹¥»÷´úÂë¡«£º
[CODE START]
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("
Ïà¹ØÎĵµ£º
ÎÒÃÇÒª×öµ½²»µ«»áдSQL£¬»¹Òª×öµ½Ð´³öÐÔÄÜÓÅÁ¼µÄSQLÓï¾ä¡£
¡¡¡¡
¡¡¡¡£¨1£©Ñ¡Ôñ×îÓÐЧÂʵıíÃû˳Ðò(Ö»ÔÚ»ùÓÚ¹æÔòµÄÓÅ»¯Æ÷ÖÐÓÐЧ)£º
¡¡¡¡
¡¡¡¡OracleµÄ½âÎöÆ÷°´ÕÕ´ÓÓÒµ½×óµÄ˳Ðò´¦Àífrom×Ó¾äÖеıíÃû£¬from×Ó¾äÖÐдÔÚ×îºóµÄ±í(»ù´¡±í driving table)½«±»×îÏÈ´¦Àí£¬ÔÚfrom×Ó¾äÖаüº¬¶à¸ö±íµÄÇé¿öÏÂ,Äã±ØÐëÑ¡Ôñ ......
×÷Õߣº²»Ïê ³ö´¦£ºÍøÂçתÔØ 2009/11/18 10:35:22 ÔĶÁ 109 ´Î
¡¡¡¡¼¼Êõˮƽ×ÜÄÜÔÚ³¶Æ¤ºÍ´µÃ«Çó´ÃÖеõ½Ìá¸ß¡£Èç¹û´ÓÀ´²»“Çó´Ã”£¬¿ÉÄܾͲ»»áÖªµÀif(str != "")²»Èçif(str != string.Empty)¸ßЧ¡¢ÅúÁ¿²åÈëºÍɾ³ýµÄsqlÓï¾äÊÇÒªÄÇÑùд²ÅÖ´ÐÐ×î¿ì¡¢½Ó¿ÚºÍ³éÏóÀàµÄÇø±ð²»½öÊÇÓïÑÔ²ãÃæ¡¢ ......
ËäȻ˵ÎÒÃǾ¡Á¿ÔÚд³ÌÐòµÄʱºò¿ØÖƲåÈëµ½Êý¾Ý¿âµÄÊý¾Ý£¬¶ø²»ÒªÓÃÊý¾Ý¿âÈ¥ÅжÏÊý¾ÝµÄ¶Ô´í£¬µ«ÊÇÓÐʱºòΪÁË·½±ã»¹ÊÇÐèÒªÊý¾Ý¿â×ÔÉíµÄÈÝ´íÄÜÁ¦À´°ïÖúÎÒÃǴﵽĿµÄµÄ¡£¾ÙÀý˵Ã÷£º
´´½¨ÈçÏÂÊý¾Ý±í
CREATE TABLE `book` (
`id` int(11) default NULL,
`num` int(11) unsigned default NULL
) ENGINE=InnoDB DE ......
SQL Server2005°æ±¾ºÅ£º
Ҫȷ¶¨ËùÔËÐÐµÄ SQL Server 2005 µÄ°æ±¾£¬ÇëʹÓà SQL Server Management Studio Á¬½Óµ½ SQL Server 2005£¬È»ºóÔËÐÐÒÔÏ Transact-SQL Óï¾ä£º(´ËSQLÓï¾äͬÑùÊÊÓÃÓÚSQL2000)
SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')
²éѯ½á¹ûÈçÏ£ ......
½ñÌì¸ãµÄ£¬°ïͬʲéѯÊý¾Ý£¬ÏÈд¸ö´¥·¢Æ÷£¬½ØÈ¡http://www.chinaroyalgroup.cn/aspnet_client/system_web/2_0_50727/dispbbs.asp?boardid=1&id=836ÀïµÄÓòÃû
IF EXISTS (SELECT name from sysobjects
WHERE name = 'gs_MySub' AND type = 'P')
DROP PROCEDURE gs_MySub
......
