瀹夊叏娉ㄦ剰浜嬮」ASP瀹夊叏缂栫▼娉ㄦ剰浜嬮」
瀹夊叏娉ㄦ剰浜嬮」:ASP瀹夊叏缂栫▼娉ㄦ剰浜嬮」
鐤鐙備唬鐮 http://http://www.zjjv.com/// ?:http:/CrazyCoder.cn/WebSecurity/Article68468.html
銆銆寰堝氫汉鎶辨ˋSP瀹夊叏涓嶉珮銆侀熷害涓嶅揩鍏跺疄ASP涔熷緢浼樼鐢≒HP鏍峰彲浠ュ啓鍑烘媺鍦剧敤ASP渚濈劧鍙浠ュ啓鍑哄緢
浼樼瀹夊叏楂樹笉楂樺彇鍐充簬缂栫▼鑰匬HP渚濈劧鍙浠ュ啓鍑烘紡娲炵櫨鍑烘墍浠ュ埆鎶辨ˋSP杩欐牱閭f牱姣涚梾鎴戝啓ASP宸茬粡 3骞村氫簡鐩
閮借や负瀹冨緢鏂逛究铏界劧鏈変簺鍦版柟鍐欑潃寰堝嶆潅鍙婁笉涓奝HP杩欐牱ASP鍐欑潃鎰熻夋洿鐖芥妸澶氬勾鏁寸悊鎬荤粨浜汚SP甯歌佸畨鍏ㄤ簨
椤瑰啓鍑烘潵
銆銆銆佸彜鑰佺粫楠岃瘉婕忔礊
銆銆铏界劧鍙よ佷緷鐒跺瓨鍦ㄤ簬寰堝氬皬鐨勪腑姣斿備簺浼佷笟缃戠珯WebSite鍚庡彴绠鍗曡皥璋堣繖涓婕忔礊鍑虹幇鍦ㄦ病鏈夊规帴鍙楀彉閲忚繘
琛岃繃婊ゅ甫鍏ユ暟鎹搴撳垽鏂鏌ヨ㈡椂閫犳垚SQL璇鍙ラ昏緫闂棰樹緥濡備互涓嬩唬鐮佸瓨鍦ㄩ棶棰:
銆銆username=request("username")
銆銆password=request("password")
銆銆sql = "select * from user where username='" & username & "' and password='" & password & "'"
銆銆寰堝规槗鐪嬪嚭鍦ㄦ病鏈夊箄sername銆乸assword杩涜岃繃婊ゅ氨甯﹀叆SQL璇鍙ヨ繘琛屽垽鏂浜嗘彁浜'or''='SQL璇鍙ュ氨鍙
鎴愪簡select * from user where username=''or''='' and password=''or''=''杩斿洖鍊间负ture
銆銆鑸鍦ㄧ櫥褰曞勮繃婊や唬鐮佸備笅:
銆銆replace(request.form("username"),"'","")
銆銆replace(request.form("password"),"'","")
銆銆涓婇潰鎸囧畾浜哖OST鏂瑰紡鎺ュ彈鎻愪氦杩囨潵鏁版嵁鎸囧畾鎺ュ彈鏂瑰紡寰堥噸瑕佷笅闈㈣皥璋
銆銆 2銆佹寚瀹氭帴鍙楁暟鎹鎻愪氦鏂瑰紡
銆銆ASP涓璕equest瀵硅薄鍙浠ユ帴鍙桮ET銆丳OST銆丆OOKIES璇锋眰灏嗗叾绠鍖栧啓鎴**=Request("鍙傛暟")鏍煎紡鎺ュ彈鏁版嵁
姝ゆ椂WEB鎺ュ彈鏁版嵁鏃跺厛浠GET鏂瑰紡鎺ュ彈濡傛灉涓嶅尮閰嶅啀浠POST鏂瑰紡鎺ュ彈鏈鍚庡啀浠Cookies鏂瑰紡鎺ュ彈涔熷氨鏄
Cookies娉ㄥ皠閫犳垚鍘熷洜
銆銆鎸囧畾鎺ュ彈鏂瑰紡涓嶄粎鍙浠ラ伩鍏岰ookies娉ㄥ皠杩樺彲浠ユ彁楂榃EB澶勭悊閫熷害
銆銆涓瀛樺湪闂棰樹唬鐮佸備笅:
銆銆id=request("id")
銆銆sql="select * from Articles where id="&id&""
銆銆 rs=conn.execute(sql)
銆銆杩欓噷涓嶇id杩囨护娌℃湁杩囨护鍏抽敭鏄痠d鎺ュ彈鏃舵病鏈夋寚瀹氭帴鍙楁柟寮忛犳垚浜咰ookies娉ㄥ皠
銆銆杩欐牱鍐:
銆銆id=request.QueryString("id")
銆銆sql="select * from Articles where id="&id&""
銆銆 rs=conn.execute(sql)
銆銆id浣跨敤浜唃et鏂瑰紡鎺ュ彈鏁版嵁
銆銆 3銆丠tmlEnCode
銆銆HtmlEnCode鏄疉SP涓璖erver涓瀵硅薄鍙浠ョ洿鎺ユ牸寮忓寲HTML涓嶈鎵ц屽湪娴忚堝櫒涓婃瘮濡備互涓嬩唬鐮:
銆銆<%
銆銆lx="<script>alert('test')</script>"
銆銆response.write lx
銆銆%>
銆銆鏈鍚庢祻瑙堟椂寮瑰嚭鎻愮ず绐楀彛
銆銆濡傛灉鏀规垚浠ヤ笅浠g爜:
銆銆<%
銆銆lx="<script>alert('test')</script>"
銆銆lx=Server.HtmlEncode(lx)
銆銆response.write lx
銆銆%>
銆銆娴忚堝櫒鐩存帴鏄剧ず<script>alert('test')</script>,HTML浠g爜鐩存帴琚鏍煎紡鍖栦簡
銆銆杩欎釜瀵硅薄寰堟湁鐢ㄨ埇鍦ㄦ帴鍙楁暟鎹涓嶉渶瑕佷娇鐢℉TML浠g爜鏍煎紡鎯呭喌涓嬬洿鎺ヤ娇鐢ㄥ畠杩涜岃繃婊ゆ瘮濡傛悳绱㈢粨鏋滄樉绀恒
鐣欒█鏉跨瓑绛夊:
銆銆test=request.QueryString("test")
銆銆response.write test
銆銆浠ヤ笂浠g爜涓璽est娌℃湁杩涜岃繃婊ょ洿鎺ユ樉绀轰簡濡傛灉test鎺ュ彈涓鍐呭逛负<script>alert("test")</script>鏃朵唬鐮佽鎵
琛屽氨浼氬脊鍑轰釜鍐呭逛负test鎻愮ず
銆銆鏀瑰啓涓轰笅:
銆銆test=server.htmlencode(request.QueryString("test"))
銆銆response.write test
銆銆閭d箞鍐嶆℃彁浜<script>alert("test")</script>娴忚堝櫒灏辨樉绀烘"<script>alert("test")</script>".
銆銆 4銆佹敞灏勬紡娲
銆銆娉ㄥ皠鏂归潰灏变笉澶氫粙缁嶄簡浠嬬粛璧锋潵澶澶氫簡澶у朵篃寰堢啛鎮夌洿鎺ヨ撮槻鑼冩濊矾鏂规硶鏈夐棶棰樹唬鐮佸備笅:
銆銆id=request("id")
銆銆sql="select * from Articles where id="&id&""
銆銆 rs=conn.execute(sql)
銆銆鏄庢樉id涓嶈繘琛岃繃婊ゅ甫鍏ヤ簡SQL鏌ヨ㈡渶绠鍗曟濊矾鏂规硶灏辨槸鍒ゆ柇id鏄鍚︿负鏁村瀷鏁版嵁浠g爜濡備笅:
銆銆id=Request("id")
銆銆 Not IsNumeric(id) then ; ; ; '杩欓噷鐢↖sNumeric鍒ゆ柇id鏄鍚︿负鏁村瀷
銆銆Response.write "鎻愪氦"
銆銆Response.end
銆銆sql="select * from Articles where id="&id&""
銆銆 rs=conn.execute(sql)
銆銆end
銆銆杩樺彲浠ヤ娇鐢ㄥ垽鏂鎻愪氦鍐呭规槸鍚﹀惈鏈夐潪娉曠洿鎺ヨ创浠g爜浠g爜鏄浠ュ墠灏忚摑Tryaspwebsystem涓闃叉敞灏勪唬鐮佺粡杩囨垜
浠涓や釜鏀逛簡鍙堟敼:
銆銆<%
銆銆dim sql_injdata
銆銆SQL_injdata =
"'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
銆銆SQL_inj = split(SQL_Injdata,"|")
銆銆'get鎷︽埅
銆銆If Request.QueryString<>"" Then
銆銆For Each SQL_Get In Request.QueryString
銆銆For SQL_Data=0 To Ubound(SQL_inj)
銆銆 instr(LCase(Request.QueryString(SQL_Get)),Sql_Inj(Sql_DATA))>0 Then
銆銆Response.Write "闈炴硶鎻愪氦"
銆銆Response.end
銆銆end
銆銆next
銆銆Next
銆銆End If
銆銆'post娉ㄥ叆鎷︽埅 If Request.Form<>"" Then
銆銆For Each Sql_Post In Request.Form
銆銆For SQL_Data=0 To Ubou