• 系统安全问题


    最近在处理项目中的安全问题,特别是Safe_SQL Injection的问题,所以在网上找了一下,记录一下。

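    /// <summary>
    /// Heuristic request filter: flags form, query-string, cookie and referrer values that
    /// match a blacklist of SQL / script keyword fragments.
    /// </summary>
    /// <remarks>
    /// A keyword blacklist is at best a defence-in-depth signal; it does not replace
    /// parameterized queries and output encoding. The pattern also rejects ordinary text:
    /// the alternative <c>(and|or).{1,6}?(=|&gt;|&lt;|in|like)</c> matches "form input" and
    /// "sand in", so expect false positives on free-text fields.
    /// The rendered copy of this snippet had lost the backslashes in the pattern (<c>\s</c>,
    /// <c>\*</c>, <c>\+</c>), which left <c>.+?*</c> as a nested quantifier .NET rejects at
    /// runtime; they are restored here. The class name is spelled without the space the
    /// rendered page shows, as C# identifiers cannot contain one.
    /// </remarks>
    public class Safe_SQLInjection
    {
      // Fragments typical of SQL injection and reflected-script payloads. Keywords are written
      // in upper case but matched case-insensitively (see Pattern below).
      private const string StrRegex = @"(alert|confirm|prompt)|^\+/v(8|9)|(and|or).{1,6}?(=|>|<|in|like)|/\*.+?\*/|<\s*script|<\s*img|EXEC|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";

      // Upper bound on a single match; untrusted input drives the matcher, so a stall must not
      // tie up the request thread. CheckData treats a timeout as a hit (fail closed).
      private static readonly TimeSpan MatchTimeout = TimeSpan.FromSeconds(1);

      // Built once. IgnoreCase is required: the original lower-cased cookie values before
      // matching, which meant the upper-case keywords (EXEC, UNION, ...) could never match them.
      private static readonly Regex Pattern =
        new Regex(StrRegex, RegexOptions.IgnoreCase | RegexOptions.Compiled, MatchTimeout);

      /// <summary>Scans every form field of the current request.</summary>
      /// <returns>True as soon as one field matches the blacklist.</returns>
      public static bool PostData()
      {
        return AnyMatch(HttpContext.Current.Request.Form);
      }

      /// <summary>Scans every query-string parameter of the current request.</summary>
      /// <returns>True as soon as one parameter matches the blacklist.</returns>
      public static bool GetData()
      {
        return AnyMatch(HttpContext.Current.Request.QueryString);
      }

      /// <summary>Scans the value of every cookie sent with the current request.</summary>
      /// <returns>True as soon as one cookie value matches the blacklist.</returns>
      public static bool CookieData()
      {
        HttpCookieCollection cookies = HttpContext.Current.Request.Cookies;
        for (int index = 0; index < cookies.Count; index++)
        {
          if (CheckData(cookies[index].Value))
          {
            return true;
          }
        }
        return false;
      }

      /// <summary>Scans the referrer URL of the current request, if one was sent.</summary>
      /// <returns>True when a referrer is present and matches the blacklist; false otherwise.</returns>
      public static bool referer()
      {
        // The original dereferenced UrlReferrer unconditionally and relied on the caller to
        // null-check it; guarding here makes the method safe to call on its own.
        Uri referrer = HttpContext.Current.Request.UrlReferrer;
        return referrer != null && CheckData(referrer.ToString());
      }

      /// <summary>Tests a single value against the blacklist.</summary>
      /// <param name="inputData">Raw value from the request; null or empty never matches.</param>
      /// <returns>True if the value matches, or if matching exceeded <see cref="MatchTimeout"/>.</returns>
      public static bool CheckData(string inputData)
      {
        // Regex.IsMatch throws ArgumentNullException on null; Form/QueryString entries can be null.
        if (string.IsNullOrEmpty(inputData))
        {
          return false;
        }
        try
        {
          return Pattern.IsMatch(inputData);
        }
        catch (RegexMatchTimeoutException)
        {
          // Fail closed: input that stalls the matcher is treated as hostile rather than let through.
          return true;
        }
      }

      // Walks a Form / QueryString collection and stops at the first matching value.
      private static bool AnyMatch(System.Collections.Specialized.NameValueCollection values)
      {
        for (int index = 0; index < values.Count; index++)
        {
          if (CheckData(values[index]))
          {
            return true;
          }
        }
        return false;
      }
    }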

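    /// <summary>
    /// Global.asax hook: ends the request as soon as any cookie, referrer, query-string or
    /// form value trips the blacklist in <see cref="Safe_SQLInjection"/>.
    /// </summary>
    /// <remarks>
    /// The query string is scanned on every request, not only on GET: a POST can carry
    /// parameters in the URL as well, and the original GET/POST split left those unchecked.
    /// Rejections now answer with HTTP 400 instead of a 200 carrying an error message, so
    /// clients and access-log monitoring can tell blocked requests apart.
    /// </remarks>
    protected void Application_BeginRequest(Object sender, EventArgs e)
    {
      if (Request.Cookies != null && Safe_SQLInjection.CookieData())
      {
        RejectRequest("您提交的Cookie数据有恶意字符!");
      }

      // NOTE(review): in System.Web, reading UrlReferrer parses the raw Referer header into a
      // Uri and is reported to throw UriFormatException on a malformed header — confirm and
      // decide whether such requests should be rejected or passed through.
      if (Request.UrlReferrer != null && Safe_SQLInjection.referer())
      {
        RejectRequest("您提交的Referrer数据有恶意字符!");
      }

      // Checked for every verb; see the remarks above.
      if (Safe_SQLInjection.GetData())
      {
        RejectRequest("您提交的Get数据有恶意字符!");
      }

      // Ordinal comparison instead of ToUpper(): no culture dependence, no allocation.
      if (string.Equals(Request.RequestType, "POST", StringComparison.OrdinalIgnoreCase)
          && Safe_SQLInjection.PostData())
      {
        RejectRequest("您提交的Post数据有恶意字符!");
      }
    }

    // Writes the rejection message with a 400 status and terminates the response. In classic
    // ASP.NET, Response.End() does not return normally (it aborts the request thread), so the
    // callers above need no further guard after it.
    private void RejectRequest(string message)
    {
      Response.StatusCode = 400;
      Response.Write(message);
      Response.End();
    }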

  • 原文地址:https://www.cnblogs.com/wucan/p/6272843.html