目录
- 引言
- 敏感词过滤
- 参数化
- open普通查询
- 动态参数查询
- table动态
- 执行查询
- 执行更新
引言
asp项目,在sql查询使用字符串拼接情况下,会受到sql注入攻击,可以使用敏感词过滤和参数化语句进行修改。
敏感词过滤
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql
\’自定义需要过滤的字串,用 \”|\” 分隔
Fy_In = \”\’|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|exist|drop\”
Kill_IP=True
WriteSql=True
\’———————————-
Fy_Inf = split(Fy_In,\”|\”)
\’——–POST部份——————
If Request.Form<>\”\” Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
Response.Redirect \”/index.asp\”
Response.End
End If
Next
Next
End If
If Request.QueryString<>\”\” Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
Response.Redirect \”/index.asp\”
Response.End
End If
Next
Next
End If
对敏感词URL进行过滤,重定位或进行其他处理
参数化
Public Function execSqlOpen(connect,cursorType,lockType,args())
set cmdTemp = server.CreateObject(\”ADODB.Command\”)
cmdTemp.ActiveConnection = connect
cmdTemp.Prepared = true
cmdTemp.CommandText = args(0)
Dim i
For i = 1 To UBound(args)
set paramTemp = cmdTemp.CreateParameter(\”\”,201,1,Len(args(i))+10,args(i))
cmdTemp.Parameters.Append paramTemp
Next
set rsTemp=server.CreateObject(\”adodb.recordset\”)
rsTemp.open cmdTemp,,cursorType,lockType
set execSqlOpen = rsTemp
end function
Public Function execSqlExecute(connect,args())
set cmdTemp = server.CreateObject(\”ADODB.Command\”)
cmdTemp.ActiveConnection = connect
cmdTemp.Prepared = true
cmdTemp.CommandText = args(0)
Dim i
For i = 1 To UBound(args)
set paramTemp = cmdTemp.CreateParameter(\”\”,201,1,Len(args(i))+10,args(i))
cmdTemp.Parameters.Append paramTemp
Next
set execSqlExecute = cmdTemp.execute
end function
封装这两个函数,然后进行修改
- 1.使用open的调用execSqlOpen(需要调用close,视原代码是否close决定),使用execute的调用execSqlExecute(不调用close)
- 2.需要返回值的用set 一个变量接收,不需要的用call调用
- 3.表名动态拼接的,无法使用占位符,使用原始拼接方式
- 4.使用like的,内部使用?占位,外部使用字符串拼接前后%("%"&keyword&"%")
例子如下:
open普通查询
sql=\”select * from table where column=\’\”&column&\”\’\”
set rs=server.CreateObject(\”ADODB.recordset\”)
rs.Open sql,conn,1,1
=>
dim args
args = Array(\”select * from table where column = ?\”,column)
set rs = execSqlOpen(conn,1,1,args)
动态参数查询
sql=\”select * from table where 1=1 and column1=\’\”&request(\”column1\”)&\”\’\”
if column2<>\”\” then
sql=sql&\” and column2 like \’%\”&column2&\”%\’\”
end if
if column3<>\”\” then
sql=sql&\” and column3 =\”&column3&\”\”
end if
sql=sql&\” order by column4 desc;\”
Set rs= Server.CreateObject(\”ADODB.Recordset\”)
rs.open sql,conn,1,1
=>
dim args
args = Array(\”select * from table where 1=1 and column1=?\”,request(\”column1\”))
if column2<>\”\” then
args(0)=args(0)&\” and column2 like ?\”
ReDim Preserve args(UBound(args)+1)
args(UBound(args)) = \”%\”&column2&\”%\”
end if
if column3<>\”\” then
args(0)=args(0)&\” and column3 =?\”
ReDim Preserve args(UBound(args)+1)
args(UBound(args)) = column3
end if
args(0)=args(0)&\” order by column4 desc;\”
set rs = execSqlOpen(conn,1,1,args)
table动态
Set Rs_t=Conn.Execute(\”Select column From \”&table&\” where column1=\”&column1)
=>
dim args
args = Array(\”Select column From \”&table&\” where column1=?\”,column1)
set Rs_t = execSqlExecute(conn,args)
执行查询
set rs=conn.execute(\”select * from table where column=\”&request(\”column\”))
=>
dim args
args = Array(\”select * from table where column = ?\”,request(\”column\”))
set rs = execSqlExecute(conn,args)
执行更新
conn.execute(\”update table set column = \’\”&column&\”\’\”)
=>
dim args
args = Array(\”update table set column = ?\”,column)
call execSqlExecute(conn,args)
以上就是asp防sql注入攻击技巧实例详解的详细内容,更多关于asp防sql注入攻击的资料请关注悠久资源网其它相关文章!
您可能感兴趣的文章:
- Go语言防范SQL注入CSRF及XSS攻击实例探究
- SQL 日期处理视图创建(常见数据类型查询防范 SQL注入)
- ABAPOPENSQL注入漏洞防御方法示例
- SQL注入宽字节注入由浅到深学习
- SQL注入的四种防御方法总结
- 防护网站存在的sql注入攻击漏洞措施