Database anti-injection via HttpModule
2007-11-26 16:13
I posted the prototype of the database anti-injection module yesterday and noticed that a few things were still missing, so here is the complete version.
SQL injection is a technique habitually used by novice "hacker" types. It works by injecting SQL, so an anti-injection program is really just an HTTP request handler that filters the data of GET and POST requests.
It recognises SQL injection attack code by matching a list of keywords:

```csharp
string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
```

In the code below you will see the definition above; it simply lists the keywords to be detected.
We usually handle requests through Request.QueryString and Request.Form. We could write a dedicated class to process these requests, but loading that class at every processing step would be far too cumbersome.
An ISAPI filter could of course do the job as well, but in .NET an HttpModule gives us functionality similar to an ISAPI filter, so handling it through an HttpModule is the best option.
We only need the BeginRequest event, so registering BeginRequest is all that is required.
```csharp
public class SqlstrAny : IHttpModule
{
    public void Init(HttpApplication application)
    {
        // Hook only the BeginRequest event of the ASP.NET pipeline.
        application.BeginRequest += (new EventHandler(this.Application_BeginRequest));
    }

    private void Application_BeginRequest(Object source, EventArgs e)
    {
        // Run the keyword check on every incoming request.
        ProcessRequest pr = new ProcessRequest();
        pr.StartProcessRequest();
    }

    public void Dispose()
    {
    }
}

public class ProcessRequest
{
    // (for the core of the anti-injection logic see: http://s.sams.cnblogs.com/articles/377624.html)
}
```
Remember to import the corresponding namespaces at the top:

```csharp
using System;
using System.Web;
```

I forgot: you also need to add the custom namespace `namespace Theme.Script`.
The above is what Application_BeginRequest does, which is simply

```csharp
ProcessRequest pr = new ProcessRequest();
pr.StartProcessRequest();
```

(for the core of the anti-injection logic see: http://s.sams.cnblogs.com/articles/377624.html)
The complete class is as follows:
```csharp
//-----------------SqlstrAny.cs------------------------
using System;
using System.Web;

namespace Theme.Script
{
    public class SqlstrAny : IHttpModule
    {
        public void Init(HttpApplication application)
        {
            application.BeginRequest += (new EventHandler(this.Application_BeginRequest));
        }

        private void Application_BeginRequest(Object source, EventArgs e)
        {
            //HttpApplication Application = (HttpApplication)source;
            //HttpResponse Response=Application.Context.Response;
            //Response.Write("<h1>Beginning of Request</h1><hr>");
            ProcessRequest pr = new ProcessRequest();
            pr.StartProcessRequest();
        }

        public void Dispose()
        {
        }
    }

    public class ProcessRequest
    {
        #region SQL injection attack code analysis
        /// <summary>
        /// Process the request submitted by the user
        /// </summary>
        public void StartProcessRequest()
        {
            try
            {
                string getkeys = "";
                // Redirect target, read from the appSettings section of Web.Config
                string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["CustomErrorPage"].ToString();
                if (System.Web.HttpContext.Current.Request.QueryString != null)
                {
                    // Check every GET parameter
                    for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
                    {
                        getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
                        {
                            System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage + "?errmsg=sqlserver&sqlprocess=true");
                            System.Web.HttpContext.Current.Response.End();
                        }
                    }
                }
                if (System.Web.HttpContext.Current.Request.Form != null)
                {
                    // Check every POST parameter
                    for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
                    {
                        getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
                        if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
                        {
                            System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage + "?errmsg=sqlserver&sqlprocess=true");
                            System.Web.HttpContext.Current.Response.End();
                        }
                    }
                }
            }
            catch
            {
                // Error handling: the submitted data could not be processed
            }
        }

        /// <summary>
        /// Analyse whether the user request is normal
        /// </summary>
        /// <param name="Str">The data submitted by the user</param>
        /// <returns>true if no listed SQL keyword was found, false if the data contains SQL injection attack code</returns>
        private bool ProcessSqlStr(string Str)
        {
            bool ReturnValue = true;
            try
            {
                if (Str != "")
                {
                    // Keywords to detect; the trailing space is part of each pattern
                    string SqlStr = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";
                    string[] anySqlStr = SqlStr.Split('|');
                    foreach (string ss in anySqlStr)
                    {
                        // Plain substring search, case-sensitive
                        if (Str.IndexOf(ss) >= 0)
                        {
                            ReturnValue = false;
                        }
                    }
                }
            }
            catch
            {
                ReturnValue = false;
            }
            return ReturnValue;
        }
        #endregion
    }
}
```
Once the handler is written, compile it into a class library in the Bin directory:

```
csc.exe /t:library SqlstrAny.cs /r:C:/windows/Microsoft.NET/Framework/v1.1.4322/Microsoft.VisualBasic.dll
```

After compiling you will find that a SqlstrAny.Dll file has been generated; that is what we need.
Finally, register it in Web.Config and it is ready to use:

```xml
<system.web>
  <httpModules>
    <add name="SqlstrAny" type="Theme.Script.SqlstrAny,SqlstrAny" />
  </httpModules>
</system.web>
```

And don't forget to add the error redirect page to the appSettings section of Web.Config:

```xml
<add key="CustomErrorPage" value="../Error.html" />
```

With that, all the steps are complete. Build and run your project and try appending Select / and ... to the URL:

```
http://localhost/Theme.Script/Process/CreatePay.aspx?action=select s&t=true
```

OK, done!
Source download: http://www.cnblogs.com/Files/S.Sams/SqlstrAny.rar
-- S.Sams Lifexperience!
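As an added example (not code from the original post or its download), here is the same keyword check rebuilt so that the matching is a pure function the module calls and a unit test can exercise directly, with the blocked parameter and keyword recorded in the trace before the redirect. It assumes .NET Framework 2.0 or later, a reference to System.Configuration and the post's keyword list; `SqlstrAnyModule`, `SqlKeywordFilter` and `SqlKeywordMatch` are names introduced here.

```csharp
// Added example (not the original post's code): the SqlstrAny keyword check reworked
// so that the matching is a pure, testable function separate from HttpContext.
// Assumptions: .NET Framework 2.0 or later, a reference to System.Configuration,
// and the same keyword list as the post.
using System;
using System.Collections.Specialized;
using System.Configuration;
using System.Text.RegularExpressions;
using System.Web;

namespace Theme.Script
{
    // What was matched, so the module can log it before redirecting.
    public class SqlKeywordMatch
    {
        public string Source;     // "QueryString" or "Form"
        public string Parameter;  // name of the offending parameter
        public string Keyword;    // keyword that matched
    }

    public static class SqlKeywordFilter
    {
        // The post's list without the trailing-space trick: \b supplies the word
        // boundary, and "*" is matched literally as a separate alternative.
        private static readonly string[] Keywords = {
            "and", "exec", "insert", "select", "delete", "update", "count",
            "chr", "mid", "master", "truncate", "char", "declare" };

        private static readonly Regex KeywordRegex = new Regex(
            @"\b(" + string.Join("|", Keywords) + @")\b|\*",
            RegexOptions.IgnoreCase | RegexOptions.Compiled);

        // Returns the first listed keyword found in one value (lower-cased), or null.
        // Unlike the post's IndexOf loop this is case-insensitive, so "SELECT" and
        // "select" are treated the same way.
        public static string FindKeyword(string value)
        {
            if (string.IsNullOrEmpty(value)) return null;
            Match m = KeywordRegex.Match(value);
            return m.Success ? m.Value.ToLowerInvariant() : null;
        }

        // Scans every parameter of one collection (QueryString or Form), as the post does.
        public static SqlKeywordMatch Scan(string source, NameValueCollection values)
        {
            if (values == null) return null;
            foreach (string key in values.AllKeys)
            {
                string keyword = FindKeyword(values[key]);
                if (keyword != null)
                {
                    SqlKeywordMatch hit = new SqlKeywordMatch();
                    hit.Source = source;
                    hit.Parameter = key;
                    hit.Keyword = keyword;
                    return hit;
                }
            }
            return null;
        }
    }

    // Drop-in replacement for the post's module; register it the same way in Web.Config.
    public class SqlstrAnyModule : IHttpModule
    {
        public void Init(HttpApplication application)
        {
            application.BeginRequest += new EventHandler(Application_BeginRequest);
        }

        private void Application_BeginRequest(object sender, EventArgs e)
        {
            HttpContext ctx = ((HttpApplication)sender).Context;
            SqlKeywordMatch hit = SqlKeywordFilter.Scan("QueryString", ctx.Request.QueryString);
            if (hit == null) hit = SqlKeywordFilter.Scan("Form", ctx.Request.Form);
            if (hit == null) return;

            // Record what was blocked and from where, so the event shows up in the
            // trace/log instead of silently becoming a 302.
            ctx.Trace.Warn("SqlstrAny", string.Format(
                "blocked {0}[{1}] (keyword '{2}') from {3}",
                hit.Source, hit.Parameter, hit.Keyword, ctx.Request.UserHostAddress));

            string errorPage = ConfigurationManager.AppSettings["CustomErrorPage"];
            if (errorPage == null) errorPage = "~/Error.html";   // assumed fallback
            ctx.Response.Redirect(errorPage + "?errmsg=sqlserver&sqlprocess=true", true);
        }

        public void Dispose() { }
    }
}
```

A keyword blacklist like this also rejects legitimate input (a comment containing "and" or "update") and sees only QueryString and Form, so treat it as a detection and logging layer. The data-access code must still use parameterized queries rather than SQL built from strings.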