Sunday, November 16, 2008

Notes on SQL injection

Today, while searching online for articles about SQL injection, I came across two fairly useful things, so I'm noting them down.

1. A regular expression found in Pet Shop, used to test whether input contains SQL injection. I tested it briefly and it seems to work fine.

\s?;\s?|\s?drop\s|\s?grant\s|^'|\s?--|\s?union\s|\s?delete\s|\s?truncate\s|\s?sysobjects\s?|\s?xp_.*?|\s?syslogins\s?|\s?sysremote\s?|\s?sysusers\s?|\s?sysxlogins\s?|\s?sysdatabases\s?|\s?aspnet_.*?|\s?exec\s?

(The pattern as copied ended with a dangling `|`; that empty final alternative matches every string, so it is dropped here.)


2. A method I saw in DotNetNuke (the `using` directives and a placeholder wrapper class are added here so the method compiles on its own; the class name is not DotNetNuke's):

using System;
using System.Text.RegularExpressions;

internal class SqlInputFilter   // placeholder class, not DotNetNuke's own
{
    /// <summary>
    /// This function verifies raw SQL statements to prevent SQL injection attacks
    /// and replaces a similar function (PreventSQLInjection) from the Common.Globals.vb module
    /// </summary>
    /// <param name="strSQL">This is the string to be filtered</param>
    /// <returns>Filtered UserInput</returns>
    /// <remarks>
    /// This is a private function that is used internally by the InputFilter function
    /// </remarks>
    private string FormatRemoveSQL( string strSQL )
    {
        string strCleanSQL = strSQL;

        if( strSQL != null )
        {
            Array BadCommands = ";,--,create,drop,select,insert,delete,update,union,sp_,xp_".Split( ',' );

            // strip any dangerous SQL commands
            // (each entry is applied as a case-insensitive regular expression,
            // so "select" also hits the inside of words such as "Selection")
            int intCommand;
            for( intCommand = 0; intCommand <= BadCommands.Length - 1; intCommand++ )
            {
                strCleanSQL = Regex.Replace( strCleanSQL, Convert.ToString( BadCommands.GetValue( intCommand ) ),
                    " ", RegexOptions.IgnoreCase );
            }

            // convert any single quotes
            strCleanSQL = strCleanSQL.Replace( "'", "''" );
        }

        return strCleanSQL;
    }
}
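Both of the snippets above are blocklists, and a blocklist is only as good as the list. The following is an added example, not code from the original post, from Pet Shop or from DotNetNuke: it ports the Pet Shop regex (without the trailing `|`, which would otherwise match every string) and FormatRemoveSQL to Python, then runs them against a constructed in-memory SQLite table. It shows three things at once: input the filters correctly flag, legitimate input they reject or mangle ("executive summary", "Selection committee"), and a keyword-free payload in an unquoted numeric context (`1 OR 1=1`) that passes both filters yet returns every row, while the same payload bound as a query parameter returns nothing. The table, the user names and the probe inputs are all constructed for this demo.

```python
# Added example, not code from the original post, from Pet Shop or from
# DotNetNuke: Python ports of the two blocklist filters quoted above, run
# against a constructed in-memory SQLite table. Table, names and inputs
# are all made up for this demo.
import re
import sqlite3

# The Pet Shop detection pattern as quoted, minus the trailing "|": an empty
# final alternative would make the pattern match every string.
PET_SHOP_PATTERN = re.compile(
    r"\s?;\s?|\s?drop\s|\s?grant\s|^'|\s?--|\s?union\s|\s?delete\s|\s?truncate\s"
    r"|\s?sysobjects\s?|\s?xp_.*?|\s?syslogins\s?|\s?sysremote\s?|\s?sysusers\s?"
    r"|\s?sysxlogins\s?|\s?sysdatabases\s?|\s?aspnet_.*?|\s?exec\s?",
    re.IGNORECASE,
)

# Same token list, same order and same " " replacement as FormatRemoveSQL.
BAD_COMMANDS = ";,--,create,drop,select,insert,delete,update,union,sp_,xp_".split(",")


def looks_like_injection(value: str) -> bool:
    """Pet Shop style check: flag the input if the pattern matches anywhere."""
    return PET_SHOP_PATTERN.search(value) is not None


def format_remove_sql(value: str) -> str:
    """Port of DotNetNuke's FormatRemoveSQL: every token is applied as a
    case-insensitive regex (none contains metacharacters), then quotes are doubled."""
    cleaned = value
    for cmd in BAD_COMMANDS:
        cleaned = re.sub(cmd, " ", cleaned, flags=re.IGNORECASE)
    return cleaned.replace("'", "''")


def open_demo_db() -> sqlite3.Connection:
    """Constructed sample data: a users table with one privileged row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", 0), (2, "bob", 0), (3, "root", 1)])
    return conn


def lookup_filtered_concat(conn: sqlite3.Connection, user_id: str) -> list:
    """The pattern these filters were meant to protect: user input filtered
    with format_remove_sql and then concatenated into a numeric comparison."""
    filtered = format_remove_sql(user_id)
    sql = f"SELECT name FROM users WHERE id = {filtered} ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    """The real fix: the value is bound as data and never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE id = ? ORDER BY id", (user_id,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = open_demo_db()
    for probe in ["'; DROP TABLE users --", "executive summary", "1 OR 1=1"]:
        print(f"{probe!r:28} flagged={looks_like_injection(probe)}")
    print(repr(format_remove_sql("Selection committee")))   # legitimate text mangled
    print(lookup_filtered_concat(db, "1 OR 1=1"))            # passed the filter, every row leaks
    print(lookup_parameterized(db, "1 OR 1=1"))              # bound as data: no rows
```

The quote doubling in FormatRemoveSQL would have neutralised this payload inside a quoted string literal, which is exactly why the attacker aims at the unquoted numeric position instead. Parameter binding needs no such case analysis: the driver sends the value separately from the statement, so nothing in the value is ever parsed as SQL.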

If you have any questions, let's discuss them together.. PigPigPigPigPigPigPigPig..

PS: If you want to test things out, you can go to this website.. it has a whole pile of SQL injection code for you to play with..

Related sites:
