SQL注入是最常见的攻击方式之一。需要先说明的是:防御 SQL 注入的根本办法是参数化查询(SqlParameter / 存储过程参数),永远不要把用户输入直接拼进 SQL 字符串;过滤 SQL 关键字只能作为辅助性的纵深防御,因为黑名单很容易被绕过(例如换用名单里没有的关键字、变换大小写、利用注释符),也会误伤含有 "and "、"select " 等普通英文单词的合法输入。如果在此基础上仍希望有一个全局的关键字检查,而不是为每个参数单独处理(那样维护和管理都十分不方便),MS 提供了多种方式,这里介绍在 Global.asax 中进行全局处理的方法。
原理:在 Application_BeginRequest 中对每个请求的 QueryString、Form 和 Cookie 值逐个扫描,判断是否包含名单中的 SQL 关键字;一旦命中就重定向到错误提示页并结束响应。注意下面的名单并不包含 union、drop、or、注释符 -- 等,而且 IndexOf 匹配区分大小写,因此它只能拦截最粗糙的注入尝试,不能替代参数化查询。
下面是代码:
1、修改Global中的Application_BeginRequest:
EXFCODE:
protected void Application_BeginRequest(object sender, EventArgs e)
{
    // Screen every incoming request for blacklisted SQL keywords before any
    // handler runs; ProcessRequest redirects to the error page on a hit and
    // otherwise lets the request continue down the pipeline.
    new ProcessRequest().StartProcessRequest();
}
2、增加ProcessRequest类,增加函数StartProcessRequest进行检查:
EXFCODE:
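public class ProcessRequest
{
    #region SQL injection request screening

    /// <summary>
    /// Redirect target used when a request value matches a blacklisted SQL keyword.
    /// NOTE(review): "Error.html" is relative to the URL of the current request, so a
    /// request under a sub-directory is sent to &lt;dir&gt;/Error.html - confirm that is
    /// intended, or use an application-rooted path.
    /// </summary>
    private const string SqlErrorPage = "Error.html?errmsg=sqlserver&sqlprocess=true";

    /// <summary>
    /// '|'-separated blacklist of SQL fragments. Every entry keeps its trailing space
    /// (and " * " its leading one), so "select " matches but "selected" does not; the
    /// flip side is that ordinary text such as "hand wash" matches "and ".
    /// The list is deliberately short (no union, drop, or, comment markers, quotes), so
    /// this is a coarse screen only - parameterized queries remain the real defence.
    /// </summary>
    private const string SqlKeywordList = "and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare ";

    /// <summary>Split once at type load instead of on every request.</summary>
    private static readonly string[] SqlKeywords = SqlKeywordList.Split('|');

    /// <summary>
    /// Screens the current request's query string, form fields and cookies for
    /// blacklisted SQL keywords. On a hit - or on an unexpected failure while scanning -
    /// the caller is redirected to <see cref="SqlErrorPage"/> and the response is ended;
    /// a clean request returns normally. Intended to be called from Application_BeginRequest.
    /// </summary>
    public void StartProcessRequest()
    {
        System.Web.HttpContext context = System.Web.HttpContext.Current;
        if (context == null)
        {
            // No request in flight (called outside the pipeline) - nothing to screen.
            return;
        }

        bool reject;
        try
        {
            reject = RequestContainsSqlKeyword(context.Request);
        }
        catch (System.Exception)
        {
            // Fail closed. The previous version swallowed any exception raised while
            // scanning and let the remaining values through unchecked; a screening
            // filter must never fail open.
            reject = true;
        }

        if (reject)
        {
            // Redirect with endResponse == true also terminates the response (it raises
            // ThreadAbortException internally), which is what Redirect + End did before.
            // It is called outside the try block so that abort is not caught here.
            context.Response.Redirect(SqlErrorPage, true);
        }
    }

    /// <summary>
    /// True when any query-string value, form value or cookie value of
    /// <paramref name="request"/> contains a blacklisted keyword.
    /// All values are visited by index, so form fields with an empty or null name are
    /// scanned too (the previous version skipped them).
    /// NOTE(review): reading Request.Form this early forces the request body to be
    /// parsed for every request, including uploads - confirm that is acceptable.
    /// </summary>
    private static bool RequestContainsSqlKeyword(System.Web.HttpRequest request)
    {
        if (ContainsSqlKeyword(request.QueryString) || ContainsSqlKeyword(request.Form))
        {
            return true;
        }

        System.Web.HttpCookieCollection cookies = request.Cookies;
        if (cookies != null)
        {
            for (int i = 0; i < cookies.Count; i++)
            {
                if (ContainsSqlKeyword(cookies[i].Value))
                {
                    return true;
                }
            }
        }
        return false;
    }

    /// <summary>
    /// True when any value in <paramref name="values"/> contains a blacklisted keyword;
    /// a null collection is treated as empty.
    /// </summary>
    private static bool ContainsSqlKeyword(System.Collections.Specialized.NameValueCollection values)
    {
        if (values == null)
        {
            return false;
        }
        for (int i = 0; i < values.Count; i++)
        {
            // values[i] joins repeated keys with ',' exactly as values[key] does,
            // so this sees the same text the old key-based loop saw.
            if (ContainsSqlKeyword(values[i]))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Blacklist match for a single request value.
    /// </summary>
    /// <param name="value">Raw value from the query string, form or a cookie; may be null.</param>
    /// <returns>
    /// True when <paramref name="value"/> contains any entry of the keyword list.
    /// The comparison is ordinal and case-insensitive: the previous culture-sensitive,
    /// case-sensitive IndexOf let "SELECT " through while blocking "select ".
    /// Null and empty strings contain nothing to inject and return false.
    /// </returns>
    public static bool ContainsSqlKeyword(string value)
    {
        if (string.IsNullOrEmpty(value))
        {
            return false;
        }
        foreach (string keyword in SqlKeywords)
        {
            if (value.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
            {
                return true;
            }
        }
        return false;
    }

    #endregion
}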