Ò׽ؽØͼÈí¼þ¡¢µ¥Îļþ¡¢Ãâ°²×°¡¢´¿ÂÌÉ«¡¢½ö160KB

½â¾öSQL Injection©¶´µÄÒ»¸öº¯Êý

½â¾öSQL Injection©¶´µÄÒ»¸öº¯Êý
http://blog.csdn.net/cncco/archive/2006/04/07/654254.aspx
º¯Êý
<%
Function CheckInput(str,strType)
   'º¯Êý¹¦ÄÜ£º¹ýÂË×Ö·û²ÎÊýÖеĵ¥ÒýºÅ£¬¶ÔÓÚÊý×Ö²ÎÊý½øÐÐÅжϣ¬Èç¹û²»ÊÇÊýÖµÀàÐÍ£¬Ôò¸³Öµ0
   '²ÎÊýÒâÒ壺  str        ---- Òª¹ýÂ˵IJÎÊý
   '                 strType ---- ²ÎÊýÀàÐÍ£¬·ÖΪ×Ö·ûÐͺÍÊý×ÖÐÍ£¬×Ö·ûÐÍΪ"s"£¬Êý×ÖÐÍΪ"i"
 Dim strTmp
 strTmp     = ""
 If strType ="s" Then
  strTmp = Replace(Trim(str),"'","'")
 ElseIf strType="i" Then
  If isNumeric(str)=False Then str="0"
  strTmp = str
 Else
  strTmp = str
 End If
 CheckInput = strTmp
End Function
%>
Õâ¸öº¯ÊýºÜ¼òµ¥£¬ Ö÷ÒªÊÇÕë¶Ô×Ö·û´®ºÍÊý×ÖÁ½ÖÖÀàÐ͵Ĵ«ÈëÊý¾Ý·Ö±ð½øÐÐÁË´¦Àí£¬¾ßÌåÓ÷¨£º
×Ö·ûÀàÐ͵Ä
strUsername = CheckInput(Request(“username“),“s“)
Êý×ÖÀàÐ͵Ä
ID = CheckInput(Request(“id“),“i“)
SQL InjectionµÄΣº¦ÊǺܴóµÄ£¬±ÈÈç¶ÔÓÚSQL Server£¬¿ÉÒÔ´´½¨¡¢É¾³ýÊý¾Ý¿â£¬Ö´ÐÐϵͳÃüÁîµÈµÈ£¬ Èçdrop table tbl_name, execute master.dbo.xp_cmdshell "command"ËùÒԺܶàÈËдµÄº¯Êý¾ÍÊÇÆ´ÃüµÄÈ¥¹ýÂËÕâЩ¿ÉÄÜÒýÆðΣº¦µÄ¹Ø¼ü´Ê£¬±ÈÈçdrop ,·ÖºÅ,and,exe,midµÈµÈ£¬ÂÞÁÐÁËÒ»´ó¶Ñ¡£
Æäʵ£¬¾¡¿ÉÒÔ²»±ØÄÇô·±Ëö£¬·ÇÒª°Ñ¼òµ¥µÄÊÂÇ鸴ÔÓ»¯¡£
¶ÔÓÚ¹ýÂË£¬ASPÖÐÖ»ÒªÕë¶Ô×Ö·ûÐͺÍÊý×ÖÐÍ·Ö±ð´¦Àí¾Í¿ÉÒÔÁË£¬
×Ö·ûÐ͵ģ¬°Ñµ¥ÒýºÅת»»³ÉÁ½¸öµ¥ÒýºÅ  strTmp = Replace(Trim(str),"'","'")
Êý×ÖÐ͵ģ¬¾ÍÅжÏÊÇ·ñÄܹ»×ª»»³ÉÊý×ÖÐ굀 £¬Óà isNumericº¯Êý
ÏÖÔÚÍøÉÏ˵µÄÄܹ»Èƹýµ¥ÒýºÅµÄ¹¥»÷£¬ÆäʵÊÇÕë¶ÔÊý×ÖÀàÐ͵Ä,Èç¹û¶ÔÓÚ¹ýÂËÁ˵¥ÒýºÅµÄ×Ö·ûÐÍ£¬»¹Óа취Èƹý£¬ÄǾÍûµÃÍæÁË........
±¾ÎÄÀ´×ÔCSDN²©¿Í£¬×ªÔØÇë±êÃ÷³ö´¦£ºhttp://blog.csdn.net/cncco/archive/2006/04/07/654254.aspx


Ïà¹ØÎĵµ£º

SQL plus³£ÓÃÃüÁî

1.µÇ½ϵͳÓû§
sqlplus È»ºóÊäÈëϵͳÓû§ÃûºÍÃÜÂë
µÇ½±ðµÄÓû§
conn Óû§Ãû/ÃÜÂë;
2.´´½¨±í¿Õ¼ä
create tablespace ¿Õ¼äÃû
datafile 'c:"¿Õ¼äÃû' size 15M --±í¿Õ¼äµÄ´æ·Å·¾¶,³õʼֵΪ15M
autoExtend on next 10M --¿Õ¼äµÄ×Ô¶¯Ôö³¤µÄÖµÊÇ10M
permanent online; --ÓÀ¾ÃʹÓÃ
3.´´½¨Óû§
create user s ......

SQLÊý¾Ý¿â³£ÓÃÃüÁî ´´½¨,ɾ³ý±í Ìí¼Ó,ÐÞ¸Ä,ɾ³ý×Ö¶Î

SQLÊý¾Ý¿â³£ÓÃÃüÁî-´´½¨,ɾ³ý±í-Ìí¼Ó,ÐÞ¸Ä,ɾ³ý×Ö¶Î
http://blog.csdn.net/cncco/archive/2009/08/08/4424555.aspx
'´´½¨±í
CREATE TABLE dbo£®CategoriesNew
(CategoryID intIDETITY (1£¬1) NOT NULL£¬
CategoryName nvarchar(15) NOT NULL£¬
Description ntext NULL£¬
Picture image NULL)
'ɾ³ý±í
DROP TABL ......

ÓÃADO¹ÜÀíSQL SERVER £¡

      ÔÚÈí¼þ¿ª·¢ÖУ¬³£³£ÐèҪΪ³ÌÐò½¨Á¢Sql ServerÊý¾Ý¿âµÄÔËÐл·¾³¡£Íê³ÉÈçÔÚSQL ServerÊý¾Ý¿âÖн¨Á¢É豸£¬½¨Á¢Êý¾Ý¿â£¬½¨Á¢±í¸ñ£¬·ÖÅäȨÏ޵ȹ¦ÄÜ£¬ÈçºÎ·½±ãµÄ½¨Á¢Ó¦ÓóÌÐòËùÐèSql Server»·¾³µÄÊý¾Ý¿â»·¾³£¬¶ø²»ÓÃÆô¶¯SQL Enterprise ManagerÄØ£¿
ÏÂÃæÀ´¿´£º 
¡¡¡¡Æô¶¯VB6.0£¬Ð½¨Ò»¸ö¹¤ ......

VBʵÏÖSQL ServerÊý¾Ý¿â±¸·Ý/»Ö¸´

VBʵÏÖSQL ServerÊý¾Ý¿â±¸·Ý/»Ö¸´
http://blog.csdn.net/cncco/archive/2006/05/15/729356.aspx
’**Ä£ ¿é Ãû£ºfBackupDatabase_a
’**Ãè    Êö£º±¸·ÝÊý¾Ý¿â,·µ»Ø³ö´íÐÅÏ¢,Õý³£»Ö¸´,·µ»Ø""
’**µ÷    ÓãºfBackupDatabase_a "±¸·ÝÎļþÃû","Êý¾Ý¿âÃû"
’**²ÎÊý˵Ã÷£ ......

±£»¤SQL ServerÊý¾Ý¿âµÄÊ®´ó¾øÕÐ

±£»¤SQL ServerÊý¾Ý¿âµÄÊ®´ó¾øÕÐ
http://blog.csdn.net/cncco/archive/2007/09/15/1785880.aspx
1. °²×°×îеķþÎñ°ü
ΪÁËÌá¸ß·þÎñÆ÷°²È«ÐÔ£¬×îÓÐЧµÄÒ»¸ö·½·¨¾ÍÊÇÉý¼¶µ½SQL Server 2000 Service Pack 3a (SP3a)¡£ÁíÍ⣬Äú»¹Ó¦¸Ã°²×°ËùÓÐÒÑ·¢²¼µÄ°²È«¸üС£
2. ʹÓÃMicrosoft»ùÏß°²È«ÐÔ·ÖÎöÆ÷£¨MBSA£©À´ÆÀ¹À·þÎñÆ÷µÄ°² ......
© 2009 ej38.com All Rights Reserved. ¹ØÓÚE½¡ÍøÁªÏµÎÒÃÇ | Õ¾µãµØͼ | ¸ÓICP±¸09004571ºÅ