防止数据库注入的一点小总结

1.数据库用户不能用sa  新建一个用户单独操作使用的数据库

2取消 Sysobjects  columns 表的select权限

3网站代码过滤

4POST GET url过滤

 

Code
/// <summary>    
    /// 过滤xss攻击脚本   
    /// </summary>    
    /// <param name="input">传入字符串</param>    
    /// <returns>过滤后的字符串</returns>    
    public static string FilterXSS(string html)
    {
        if (string.IsNullOrEmpty(html)) return string.Empty;
        // CR(0a) ，LF(0b) ，TAB(9) 除外，过滤掉所有的不打印出来字符.     
        // 目的防止这样形式的入侵＜java\0script＞   
        // 注意：\n, \r,  \t 可能需要单独处理，因为可能会要用到   
        string ret = System.Text.RegularExpressions.Regex.Replace(html, "([\x00-\x08][\x0b-\x0c][\x0e-\x20])", string.Empty);
        //替换所有可能的进制构建的恶意代码   
        //<IMG SRC=@avascript:a&_#X6Cert('XSS')>    
        string chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*()~`;:?+/={}[]-_|'\"\\";
        for (int i = 0; i < chars.Length; i++)
        {
            ret = System.Text.RegularExpressions.Regex.Replace(ret, string.Concat("(&#[x|X]0{0,}", Convert.ToString((int)chars[i], 16).ToLower(), ";?)"), chars[i].ToString(), System.Text.RegularExpressions.RegexOptions.IgnoreCase);
        }
        //过滤\t, \n, \r构建的恶意代码  
        string[] keywords = {"javascript", "vbscript",
"expression", "applet", "meta", "xml", "blink", "link", "style", 
"script", "embed", "object", "iframe", "frame", "frameset", "ilayer", 
"layer", "bgsound", "title", "base","onabort", "onactivate", "onafterprint", "onafterupdate", 
"onbeforeactivate", "onbeforecopy", "onbeforecut", 
"onbeforedeactivate", "onbeforeeditfocus", "onbeforepaste", 
"onbeforeprint", "onbeforeunload", "onbeforeupdate", "onblur", 
"onbounce", "oncellchange", "onchange", "onclick", "oncontextmenu", 
"oncontrolselect", "oncopy", "oncut", "ondataavailable", 
"ondatasetchanged", "ondatasetcomplete", "ondblclick", "ondeactivate", 
"ondrag", "ondragend", "ondragenter", "ondragleave", "ondragover", 
"ondragstart", "ondrop", "onerror", "onerrorupdate", "onfilterchange", 
"onfinish", "onfocus", "onfocusin", "onfocusout", "onhelp", 
"onkeydown", "onkeypress", "onkeyup", "onlayoutcomplete", "onload", 
"onlosecapture", "onmousedown", "onmouseenter", "onmouseleave", 
"onmousemove", "onmouseout", "onmouseover", "onmouseup", 
"onmousewheel", "onmove", "onmoveend", "onmovestart", "onpaste", 
"onpropertychange", "onreadystatechange", "onreset", "onresize", 
"onresizeend", "onresizestart", "onrowenter", "onrowexit", 
"onrowsdelete", "onrowsinserted", "onscroll", "onselect", 
"onselectionchange", "onselectstart", "onstart", "onstop", "onsubmit", 
"onunload"};
        bool found = true;
        while (found)
        {
            string retBefore = ret;
            for (int i = 0; i < keywords.Length; i++)
            {
                string pattern = "/";
                for (int j = 0; j < keywords[i].Length; j++)
                {
                    if (j > 0)
                        pattern = string.Concat(pattern, '(', "(&#[x|X]0{0,8}([9][a][b]);?)?", "|({0,8}([9][10][13]);?)?", ")?");
                    pattern = string.Concat(pattern, keywords[i][j]);
                }
                string replacement = string.Concat(keywords
[i].Substring(0, 2), "＜x＞", keywords[i].Substring(2));
                ret = System.Text.RegularExpressions.Regex.Replace(ret, pattern, replacement, System.Text.RegularExpressions.RegexOptions.IgnoreCase);
                if (ret == retBefore)
                    found = false;
            }
        }
    }

 

 

Code
// JScript 文件
 
var str= location.search; 
var gs="select|update|insert|drop|from|truncate|xp_|exec|xp_cmdshell|delete|administrators|xp_cmdshell|asc|mid|exec|count|'|>|<|--";
var list=new Array()
var flag=true;
list=gs.split('|');
for(var i=0;i<list.length;i++)
{
    var s=list[i];
    if(str.indexOf(s)>-1)
    {
        alert("地址中含有非法字符～"+s);
             location.href="/error.aspx";
             break;
    } 
} 

 

Global.asax

 

Code
  protected void Application_BeginRequest(Object sender, EventArgs e)
    {
        //遍历Post参数，隐藏域除外
        foreach (string i in this.Request.Form)
        {
            if (i == "__VIEWSTATE") continue;
            this.goErr(this.Request.Form[i].ToString());
        }
        //遍历Get参数。
        foreach (string i in this.Request.QueryString)
        {
            this.goErr(this.Request.QueryString[i].ToString());
        }
    }

    private void goErr(string tm)
    {
        if (SqlFilter2(tm))
            this.Response.Redirect("~/index.aspx");
    }

    public static bool SqlFilter2(string InText)
    {
        string word = "and|exec|insert|select|delete|update|chr|mid|master|or|truncate|char|declare|join";
        if (InText == null)
            return false;
        foreach (string i in word.Split('|'))
        {
            if ((InText.ToLower().IndexOf(i + " ") > -1) || (InText.ToLower().IndexOf(" " + i) > -1))
            {
                return true;
            }
        }
        return false;
    }