装McAfee HIP和Firewall吧,VSE规则只能防止恶意修改、中毒等。
以下内容来自网络:
1.asp.net防SQLJS注入攻击:过滤标记
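/// <summary>
/// 过滤标记 — strips script blocks and HTML tags from a string, decodes a
/// handful of HTML entities, and finally deletes a fixed list of SQL / OS
/// keywords wherever they occur.
/// </summary>
/// <remarks>
/// The keyword pass at the end is a blacklist, not an injection defence: it
/// deletes the substrings "select", "and", "asc", "mid", "char", ... even in
/// the middle of ordinary words, so "Sandy", "Pascal", "middle" or "Charlie"
/// come back corrupted, while any keyword not on the list passes untouched.
/// SQL must be protected with bound parameters / stored-procedure parameters
/// (see item 3 at the end of this page); use this method only where a lossy
/// plain-text result is acceptable.
/// </remarks>
/// <param name="Htmlstring">包括HTML,脚本,数据库关键字,特殊字符的源码 (may be null).</param>
/// <returns>已经去除标记后的文字; an empty string when <paramref name="Htmlstring"/> is null.</returns>
public static string NoHTML(string Htmlstring)
{
    if (Htmlstring == null)
    {
        return "";
    }

    // 删除脚本 — script blocks go first so that their contents never survive as text.
    Htmlstring = Regex.Replace(Htmlstring, @"<script[^>]*?>.*?</script>", "", RegexOptions.IgnoreCase);
    // 删除HTML — any remaining tag, then line-break runs and comment markers.
    Htmlstring = Regex.Replace(Htmlstring, @"<(.[^>]*)>", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"([\r\n])[\s]+", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"-->", "", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"<!--.*", "", RegexOptions.IgnoreCase);

    // Entity decoding. "&amp;" is decoded after the named entities (the original
    // decoded it second): decoding it first turned "&amp;lt;" into "&lt;" and then
    // into "<", a double decode that re-created angle brackets after the tag
    // stripping above had already run. It still precedes the generic numeric
    // strip so that "&#38;" is decoded rather than deleted.
    Htmlstring = Regex.Replace(Htmlstring, @"&(quot|#34);", "\"", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(lt|#60);", "<", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(gt|#62);", ">", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(nbsp|#160);", " ", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(iexcl|#161);", "\xa1", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(cent|#162);", "\xa2", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(pound|#163);", "\xa3", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(copy|#169);", "\xa9", RegexOptions.IgnoreCase);
    Htmlstring = Regex.Replace(Htmlstring, @"&(amp|#38);", "&", RegexOptions.IgnoreCase);
    // Any other numeric entity is removed, not decoded.
    Htmlstring = Regex.Replace(Htmlstring, @"&#(\d+);", "", RegexOptions.IgnoreCase);

    // 删除与数据库相关的词 — plain substring deletion, kept in the original order
    // (including the repeated "xp_cmdshell" pass). Each entry is used as a regex
    // pattern, exactly as before. Deleting one word can splice another together
    // ("selselectect" becomes "select"); a single pass does not catch that.
    string[] keywords = {
        "xp_cmdshell", "select", "insert", "delete from", "count''", "drop table",
        "truncate", "asc", "mid", "char", "xp_cmdshell", "exec master",
        "net localgroup administrators", "and"
    };
    foreach (string keyword in keywords)
    {
        Htmlstring = Regex.Replace(Htmlstring, keyword, "", RegexOptions.IgnoreCase);
    }

    return Htmlstring;
}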
2.js 防止sql注入
js 防止sql注入
注入式攻击是指利用设计上的漏洞,在目标服务器上运行Sql命令以及进行其他方式的攻击。
动态生成Sql命令时没有对用户输入的数据进行验证是Sql注入攻击得逞的主要原因。
比如:
如果你的查询语句是select * from admin where username=" user " and password=" pwd ""
那么,如果我的用户名是:1 or 1=1
那么,你的查询语句将会变成:
select * from admin where username=1 or 1=1 and password=" pwd ""
这样你的查询语句就通过了,从而就可以进入你的管理界面。
所以防范的时候需要对用户的输入进行检查。特别是一些特殊字符,比如单引号,双引号,分号,逗号,冒号,连接号等进行转换或者过滤。
需要过滤的特殊字符及字符串有:
net localgroup administrators
下面是我写的两种关于解决注入式攻击的防范代码,供大家学习参考!
js版的防范式攻击代码~:
[CODE START]
script language="javascript"
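// Client-side check of the query string against a keyword blacklist.
// It runs in the visitor's browser, so it is a convenience warning only:
// script can be disabled or the request sent directly, and the server must
// still bind user input as SQL parameters. The pattern also matches any
// query string containing ":" and, as pasted, lists "update truncate " as a
// single alternative (the ASP version below has "update " and "truncate "
// separately) — TODO confirm against the original.
var url = location.search;
// The "g" flag of the original is dropped: with it, re.test() stores state in
// re.lastIndex between calls, so a second test of the same value can fail.
var re = /^\?(.*)(select |insert |delete from |count\(|drop table|update truncate |asc\(|mid\(|char\(|xp_cmdshell|exec master|net localgroup administrators|\"|:|net user|\| or )(.*)$/i;
// The pasted snippet called alert() unconditionally; the test was lost.
if (re.test(url)) {
    alert("地址中含有非法字符~");
}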
[CODE END]
asp版的防范式攻击代码~:
[CODE START]
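' Builds the full request URL and answers with a client-side alert when it
' contains a blacklisted keyword. This is a heuristic only: it looks at the URL
' (not headers, cookies or the POST body), compares a lower-cased but still
' URL-encoded query string, so an encoded space ("select%20") does not match
' "select ", and the alert is enforced by nothing on the server. Bind user
' input as query parameters on the server regardless.
' The "&" and "<>" operators below were eaten by the forum's HTML rendering and
' are restored; the scheme prefix / Else branch of the HTTPS test and the end of
' the snippet are not on this page — TODO confirm against the original.
On Error Resume Next   ' hides every runtime error in the check below, so a failure lets the request through unchallenged
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
    strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
    If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
    strTemp = strTemp & Request.ServerVariables("URL")
    If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & Trim(Request.QueryString)
    strTemp = LCase(strTemp)
    ' The pasted version also tested Instr(strTemp, "") — an empty search string
    ' always returns 1, which made the whole condition true for every request.
    ' The lost search text cannot be recovered here, so that term is dropped.
    If Instr(strTemp, "select ") > 0 Or Instr(strTemp, "insert ") > 0 Or Instr(strTemp, "delete from") > 0 _
        Or Instr(strTemp, "count(") > 0 Or Instr(strTemp, "drop table") > 0 Or Instr(strTemp, "update ") > 0 _
        Or Instr(strTemp, "truncate ") > 0 Or Instr(strTemp, "asc(") > 0 Or Instr(strTemp, "mid(") > 0 _
        Or Instr(strTemp, "char(") > 0 Or Instr(strTemp, "xp_cmdshell") > 0 Or Instr(strTemp, "exec master") > 0 _
        Or Instr(strTemp, "net localgroup administrators") > 0 Or Instr(strTemp, ":") > 0 _
        Or Instr(strTemp, "net user") > 0 Or Instr(strTemp, " or ") > 0 Then
        ' The angle brackets of the script tag and the quotes around the alert
        ' text were also lost in the paste; restored so the emitted JS parses.
        Response.Write "<script language=javascript>"
        Response.Write "alert('非法地址!!');"
        ' ... the remainder (closing script tag, Response.End) is missing from the page
    End If
End If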
3.JS过滤SQL注入字符
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>标题页</title>
<script LANGUAGE="JavaScript">
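// Removes a fixed set of characters (; < > -- , ' ?) from a string and writes
// the result back into the #txt1 input. Non-string input is returned unchanged;
// for strings the function returns undefined, as before.
//
// This is a client-side cosmetic filter: the browser can be bypassed, so it
// gives the server no protection — the server must bind user input as query
// parameters. Deleting characters also corrupts legitimate values ("O'Brien",
// "1,000", a question).
function check(inputStr) {
    if (typeof inputStr !== "string") { return inputStr; } // 判断是否是字符串类型
    // 以下搜索字符串中的特殊字符,如果存在,则替换成""
    // One global replace per pattern instead of the original indexOf/replace
    // loop, which rescanned the string from the start after every single
    // deletion. Same patterns, same order, so "-<-" still collapses to "".
    var tmpValue = inputStr
        .replace(/;/g, "")
        .replace(/</g, "")
        .replace(/>/g, "")
        .replace(/--/g, "")
        .replace(/,/g, "")
        .replace(/'/g, "")
        .replace(/\?/g, "");
    // "getElementByIdx_x" in the pasted version is a known blog-platform
    // mangling of getElementById.
    document.getElementById("txt1").value = tmpValue; // 重新显示更改后的变量
}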
</script>
</head>
<body>
<input type=text id="txt1" value="select * from userinfo where username=zhang' and passwrod=2" style="width: 392px">
<input type=button value="提交" onClick="check(txt1.value)">
</body>
</html>
4.防止sql注入式攻击(可用于UI层控制)
#region 防止sql注入式攻击(可用于UI层控制)
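/// <summary>
/// 判断字符串中是否有SQL攻击代码 — reports whether the input contains, as a
/// whole word, one of a fixed list of SQL / OS keywords.
/// </summary>
/// <remarks>
/// A keyword blacklist is a heuristic, not an injection defence: anything not
/// on the list passes, and ordinary text is rejected ("or", "and", "count",
/// "update", "create", "master" are everyday words, so "update my master copy"
/// fails). Bind user input as SQL parameters; keep this only as a UI-layer hint.
/// The pasted source carried stray spaces and a line break inside the verbatim
/// pattern (" \b( ... )\b "), which made most alternatives unmatchable; they
/// look like paste artefacts and are removed here — TODO confirm against the original.
/// </remarks>
/// <param name="inputString">传入用户提交数据; null or empty is treated as safe.</param>
/// <returns>true-安全;false-有注入攻击现有 (also false when the pattern cannot be compiled, i.e. fail closed).</returns>
public bool ProcessSqlStr(string inputString)
{
    // Alternation of keywords: "\*" is a literal '*', "net +user" allows any number of spaces.
    const string SqlStr = @"and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";

    if (string.IsNullOrEmpty(inputString))
    {
        return true;
    }

    try
    {
        // The static overload caches the compiled pattern, so no per-call Regex object.
        return !Regex.IsMatch(inputString, @"\b(" + SqlStr + @")\b", RegexOptions.IgnoreCase);
    }
    catch (ArgumentException)
    {
        // Malformed pattern: treat the input as suspect rather than letting it through.
        return false;
    }
}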
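/// <summary>
/// 处理用户提交的请求,校验sql注入式攻击,在页面装置时候运行 — runs
/// <see cref="ProcessSqlStr"/> over every query-string and form value of the
/// current request and redirects to the configured error page on the first hit.
/// </summary>
/// <remarks>
/// System.Configuration.ConfigurationSettings.AppSettings["ErrorPage"] 为用户自定义错误页面提示地址,
/// 在Web.Config文件时里面添加一个 ErrorPage 即可.
/// Only QueryString and Form are inspected; headers, cookies and route values are not.
/// Two defects of the pasted version are fixed: the Keys indexer ("Keys[i]") had been
/// lost, and an empty catch swallowed every exception — including the null lookup
/// of a missing ErrorPage setting — so a configuration error silently switched the
/// check off (fail-open). The key name is URL-encoded before it is reflected into
/// the redirect URL.
/// </remarks>
/// <exception cref="InvalidOperationException">The ErrorPage setting is missing or empty.</exception>
public void ProcessRequest()
{
    System.Web.HttpContext context = System.Web.HttpContext.Current;
    if (context == null)
    {
        return; // not inside a web request — nothing to check
    }

    // ConfigurationSettings is obsolete since .NET 2.0 (ConfigurationManager.AppSettings
    // replaces it) but is kept so that no new assembly reference is required.
    string sqlErrorPage = System.Configuration.ConfigurationSettings.AppSettings["ErrorPage"];
    if (string.IsNullOrEmpty(sqlErrorPage))
    {
        // Fail closed: do not let a missing setting turn the check off.
        throw new InvalidOperationException("AppSettings[\"ErrorPage\"] is not configured.");
    }

    CheckCollection(context, context.Request.QueryString, sqlErrorPage);
    CheckCollection(context, context.Request.Form, sqlErrorPage);
}

/// <summary>
/// Redirects to <paramref name="sqlErrorPage"/> (ending the response) when any
/// value in <paramref name="values"/> fails <see cref="ProcessSqlStr"/>.
/// </summary>
private void CheckCollection(System.Web.HttpContext context, System.Collections.Specialized.NameValueCollection values, string sqlErrorPage)
{
    if (values == null)
    {
        return;
    }

    for (int i = 0; i < values.Count; i++)
    {
        string key = values.Keys[i];
        if (!ProcessSqlStr(values[key]))
        {
            // Response.Redirect(url) already ends the response; the explicit
            // Response.End() of the original was redundant.
            context.Response.Redirect(sqlErrorPage + "?errmsg=" + System.Web.HttpUtility.UrlEncode(key + "有SQL攻击嫌疑!"));
            return;
        }
    }
}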
#endregion
转换sql代码(也防止sql注入式攻击,可以用于业务逻辑层,但要求UI层输入数据时候进行解码)
#region 转换sql代码(也防止sql注入式攻击,可以用于业务逻辑层,但要求UI层输入数据时候进行解码)
/// <summary>
/// 提取字符固定长度 — trims the input and keeps at most
/// <paramref name="maxLength"/> characters of it.
/// </summary>
/// <param name="inputString">Text to bound; null and empty are returned as-is.</param>
/// <param name="maxLength">Maximum number of characters kept after trimming.</param>
/// <returns>The trimmed, truncated text; null when <paramref name="inputString"/> is null.</returns>
public string CheckStringLength(string inputString, Int32 maxLength)
{
    if (string.IsNullOrEmpty(inputString))
    {
        return inputString;
    }

    string trimmed = inputString.Trim();
    return trimmed.Length > maxLength ? trimmed.Substring(0, maxLength) : trimmed;
}
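/// <summary>
/// 将输入字符串中的sql敏感字,替换成"[敏感字]",要求输出时,替换回来 — wraps every
/// whole-word occurrence of a listed SQL keyword in square brackets so it can be
/// restored later with <c>MyDecodeOutputString</c>.
/// </summary>
/// <remarks>
/// The pasted version re-ran <c>string.Replace</c> once per match, so a keyword
/// occurring twice was wrapped twice ("[[select]]"); a single Regex.Replace pass
/// with an evaluator wraps each match exactly once. Stray spaces inside the
/// pasted pattern and in the "[ ... ]" replacement are removed to match the
/// documented "[敏感字]" format. Because the rewrite is reversible it only hides
/// keywords from a naive scanner; it does nothing for SQL built by string
/// concatenation — use bound parameters there.
/// </remarks>
/// <param name="inputString">Text to encode; null or empty is returned unchanged.</param>
/// <returns>The text with each keyword wrapped as "[keyword]"; an empty string if the pattern cannot be compiled.</returns>
public string MyEncodeInputString(string inputString)
{
    // 要替换的敏感字
    const string SqlStr = @"and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";

    if (string.IsNullOrEmpty(inputString))
    {
        return inputString;
    }

    try
    {
        Regex keyword = new Regex(@"\b(" + SqlStr + @")\b", RegexOptions.IgnoreCase);
        return keyword.Replace(inputString, new MatchEvaluator(WrapSqlKeyword));
    }
    catch (ArgumentException)
    {
        // Pattern could not be compiled; keep the original "return empty" contract.
        return "";
    }
}

/// <summary>Wraps one keyword match in square brackets, keeping its original casing.</summary>
private static string WrapSqlKeyword(Match m)
{
    return "[" + m.Value + "]";
}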
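/// <summary>
/// 将已经替换成的"[敏感字]",转换回来为"敏感字" — removes the square brackets
/// that <c>MyEncodeInputString</c> placed around listed SQL keywords.
/// </summary>
/// <remarks>
/// The pasted version indexed the match collection without "[i]" (lost in the
/// paste) and used one <c>string.Replace</c> per match; a single Regex.Replace
/// pass with an evaluator restores each "[keyword]" exactly once. Only bracketed
/// words from the list are unwrapped; "[hello]" is left alone. The decoded text
/// contains the keywords again and must be treated as untrusted by whatever
/// consumes it.
/// </remarks>
/// <param name="outputstring">Text produced by the encoder; null or empty is returned unchanged.</param>
/// <returns>The text with "[keyword]" replaced by "keyword"; an empty string if the pattern cannot be compiled.</returns>
public string MyDecodeOutputString(string outputstring)
{
    // 要替换的敏感字
    const string SqlStr = @"and|or|exec|execute|insert|select|delete|update|alter|create|drop|count|\*|chr|char|asc|mid|substring|master|truncate|declare|xp_cmdshell|restore|backup|net +user|net +localgroup +administrators";

    if (string.IsNullOrEmpty(outputstring))
    {
        return outputstring;
    }

    try
    {
        Regex wrapped = new Regex(@"\[\b(" + SqlStr + @")\b\]", RegexOptions.IgnoreCase);
        return wrapped.Replace(outputstring, new MatchEvaluator(UnwrapSqlKeyword));
    }
    catch (ArgumentException)
    {
        // Pattern could not be compiled; keep the original "return empty" contract.
        return "";
    }
}

/// <summary>Returns the keyword captured inside the brackets (group 1), i.e. the match without its first and last character.</summary>
private static string UnwrapSqlKeyword(Match m)
{
    return m.Groups[1].Value;
}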
#endregion
我们的解决方式是:
1、首先在UI录入时,要控制数据的类型和长度、防止SQL注入式攻击,系统提供检测注入式攻击的函数,一旦检测出注入式攻击,该数据即不能提交;
2、业务逻辑层控制,通过在方法内部将SQL关键字用一定的方法屏蔽掉,然后检查数据长度,保证提交SQL时,不会有SQL数据库注入式攻击代码;但是这样处理后,要求UI输出时将屏蔽的字符还原。因此系统提供屏蔽字符的函数和还原字符的函数。
3、在数据访问层,绝大多数采用存储过程访问数据,调用时以存储过程参数的方式访问,也会很好的防止注入式攻击。