asp.net下检测SQL注入式攻击代码
程序员文章站
2024-03-11 09:40:13
两个类:
(页面数据校验类)pagevalidate.cs 基本通用。
代码如下:
using system;
using system.text;
using system.web;
using system.web.ui.webcontrols;
using system.text.regularexpressions;
namespace common
{
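/// <summary>
/// Page input validation helpers: numeric / decimal / e-mail / CJK checks,
/// length clamping and HTML encoding for values read from a request.
/// </summary>
/// <remarks>
/// Despite their names, sqltext and inputtext do not make a value safe to
/// concatenate into SQL: sqltext only trims and truncates, and inputtext drops
/// single quotes lossily. Database access must use parameterised commands;
/// htmlencode (HttpUtility.HtmlEncode) is the routine to use for output.
/// </remarks>
public class pagevalidate
{
    // \z rather than $: in .NET, $ also matches before a final "\n", so "12\n"
    // would otherwise pass as a number.
    private static readonly Regex regnumber = new Regex(@"^[0-9]+\z");
    private static readonly Regex regnumbersign = new Regex(@"^[+-]?[0-9]+\z");
    // Digits with an optional fraction: "5" and "1.5" match, ".5" and "5." do not.
    // (The previous pattern required two digits and rejected "5".)
    private static readonly Regex regdecimal = new Regex(@"^[0-9]+([.][0-9]+)?\z");
    private static readonly Regex regdecimalsign = new Regex(@"^[+-]?[0-9]+([.][0-9]+)?\z");
    // Intentionally narrow: one local-part token, one host label and a fixed TLD
    // allowlist. Sub-domains (a@mail.example.com) and other TLDs are rejected.
    // \w means Unicode letters, digits and underscore in .NET.
    private static readonly Regex regemail = new Regex(@"^[\w-]+@[\w-]+\.(com|net|org|edu|mil|tv|biz|info)\z");
    // CJK Unified Ideographs block.
    private static readonly Regex regchzn = new Regex("[\u4e00-\u9fa5]");

    /// <summary>Kept for callers that instantiate the class; every member is static.</summary>
    public pagevalidate()
    {
    }

    #region numeric string checks
    /// <summary>
    /// Reads a request value (query string first, then form body), clamps it to
    /// maxlen characters and returns it only if it is an unsigned integer string.
    /// </summary>
    /// <param name="req">Current request.</param>
    /// <param name="inputkey">Name of the query-string / form field.</param>
    /// <param name="maxlen">Maximum number of characters kept before the check.</param>
    /// <returns>The clamped digit string, or string.Empty when the key is missing,
    /// the key is blank, or the value is not all digits.</returns>
    /// <exception cref="ArgumentNullException">req is null.</exception>
    public static string fetchinputdigit(HttpRequest req, string inputkey, int maxlen)
    {
        if (req == null)
            throw new ArgumentNullException("req");
        if (string.IsNullOrEmpty(inputkey))
            return string.Empty;

        // Query string wins over the form body, as before.
        string value = req.QueryString[inputkey];
        if (value == null)
            value = req.Form[inputkey];
        if (value == null)
            return string.Empty;

        value = sqltext(value, maxlen);
        return isnumber(value) ? value : string.Empty;
    }

    /// <summary>Whole string is one or more ASCII digits.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isnumber(string inputdata)
    {
        return inputdata != null && regnumber.IsMatch(inputdata);
    }

    /// <summary>Like isnumber, with an optional leading + or -.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isnumbersign(string inputdata)
    {
        return inputdata != null && regnumbersign.IsMatch(inputdata);
    }

    /// <summary>Digits with an optional ".digits" fraction (e.g. "5", "1.5").</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isdecimal(string inputdata)
    {
        return inputdata != null && regdecimal.IsMatch(inputdata);
    }

    /// <summary>Like isdecimal, with an optional leading + or -.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isdecimalsign(string inputdata)
    {
        return inputdata != null && regdecimalsign.IsMatch(inputdata);
    }
    #endregion

    #region Chinese character detection
    /// <summary>True when the string contains at least one CJK ideograph.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool ishaschzn(string inputdata)
    {
        return inputdata != null && regchzn.IsMatch(inputdata);
    }
    #endregion

    #region e-mail address
    /// <summary>
    /// True when the string looks like a simple e-mail address per regemail
    /// (single host label, TLD from a fixed allowlist).
    /// </summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isemail(string inputdata)
    {
        return inputdata != null && regemail.IsMatch(inputdata);
    }
    #endregion

    #region other
    /// <summary>
    /// Trims the value and truncates it to maxlength characters. This is a
    /// length clamp only: nothing is escaped, so the result is not SQL-safe.
    /// </summary>
    /// <param name="sqlinput">Value to clamp; null or empty is returned unchanged.</param>
    /// <param name="maxlength">Maximum number of characters kept.</param>
    /// <returns>The trimmed, truncated value.</returns>
    /// <exception cref="ArgumentOutOfRangeException">maxlength is negative.</exception>
    public static string sqltext(string sqlinput, int maxlength)
    {
        if (string.IsNullOrEmpty(sqlinput))
            return sqlinput;
        if (maxlength < 0)
            throw new ArgumentOutOfRangeException("maxlength");

        string trimmed = sqlinput.Trim();
        return trimmed.Length > maxlength ? trimmed.Substring(0, maxlength) : trimmed;
    }

    /// <summary>HTML-encodes the value for safe output (delegates to HttpUtility.HtmlEncode).</summary>
    /// <param name="inputdata">Text to encode; null passes through as null.</param>
    public static string htmlencode(string inputdata)
    {
        return HttpUtility.HtmlEncode(inputdata);
    }

    /// <summary>Sets the label text to the HTML-encoded form of txtinput.</summary>
    /// <param name="lbl">Target label.</param>
    /// <param name="txtinput">Raw text; encoded before assignment.</param>
    /// <exception cref="ArgumentNullException">lbl is null.</exception>
    public static void setlabel(Label lbl, string txtinput)
    {
        if (lbl == null)
            throw new ArgumentNullException("lbl");
        lbl.Text = htmlencode(txtinput);
    }

    /// <summary>Sets the label text to the HTML-encoded ToString() of inputobj (null shows as empty).</summary>
    /// <param name="lbl">Target label.</param>
    /// <param name="inputobj">Object whose string form is displayed.</param>
    public static void setlabel(Label lbl, object inputobj)
    {
        setlabel(lbl, inputobj == null ? string.Empty : inputobj.ToString());
    }

    /// <summary>
    /// Trims and clamps the value, then encodes ", &lt; and &gt; as HTML entities
    /// and replaces every single quote with a space.
    /// </summary>
    /// <remarks>
    /// The quote replacement is lossy and is not a SQL-injection control; use
    /// parameterised commands. '&amp;' is passed through unchanged, so for output
    /// encoding prefer htmlencode, which handles every significant character.
    /// </remarks>
    /// <param name="inputstring">Raw value; null or empty yields string.Empty.</param>
    /// <param name="maxlength">Maximum number of characters kept before encoding.</param>
    /// <returns>The cleaned value.</returns>
    /// <exception cref="ArgumentOutOfRangeException">maxlength is negative and the value is non-empty.</exception>
    public static string inputtext(string inputstring, int maxlength)
    {
        if (string.IsNullOrEmpty(inputstring))
            return string.Empty;

        string clamped = sqltext(inputstring, maxlength);
        StringBuilder sb = new StringBuilder(clamped.Length);
        foreach (char c in clamped)
        {
            switch (c)
            {
                case '"':
                    sb.Append("&quot;");
                    break;
                case '<':
                    sb.Append("&lt;");
                    break;
                case '>':
                    sb.Append("&gt;");
                    break;
                case '\'':
                    sb.Append(' '); // single quote is dropped, not encoded
                    break;
                default:
                    sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }

    /// <summary>
    /// Converts plain text to HTML: entities for &amp; " space &lt; &gt;, &lt;br&gt; for
    /// newlines, and SQL-style doubling of single quotes.
    /// </summary>
    /// <remarks>
    /// The quote doubling targets string concatenation into SQL and is no
    /// substitute for parameters; decode cannot reverse it.
    /// </remarks>
    /// <param name="str">Plain text; null or empty yields string.Empty.</param>
    /// <returns>The HTML form.</returns>
    public static string encode(string str)
    {
        if (string.IsNullOrEmpty(str))
            return string.Empty;

        // '&' first, so the entities produced below are not double-encoded.
        str = str.Replace("&", "&amp;");
        str = str.Replace("'", "''");
        str = str.Replace("\"", "&quot;");
        str = str.Replace(" ", "&nbsp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt;");
        str = str.Replace("\n", "<br>");
        return str;
    }

    /// <summary>
    /// Inverse of encode for the HTML entities and &lt;br&gt;. Doubled single
    /// quotes are left alone: a legitimate "''" cannot be told apart.
    /// </summary>
    /// <param name="str">HTML produced by encode; null or empty yields string.Empty.</param>
    /// <returns>The plain-text form.</returns>
    public static string decode(string str)
    {
        if (string.IsNullOrEmpty(str))
            return string.Empty;

        str = str.Replace("<br>", "\n");
        str = str.Replace("&gt;", ">");
        str = str.Replace("&lt;", "<");
        str = str.Replace("&nbsp;", " ");
        str = str.Replace("&quot;", "\"");
        // '&amp;' last, so text that was itself an entity name round-trips.
        str = str.Replace("&amp;", "&");
        return str;
    }
    #endregion
}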
}
通用文件(global.asax),保存为 global.asax 文件名,放到网站根目录下即可。(其他功能自行补上)
<script language="c#" runat="server"><!--
/// <summary>
/// ASP.NET pipeline hook that runs the request filter before any handler sees
/// the request. NOTE(review): HttpApplication auto-wires this handler by the
/// name Application_BeginRequest; confirm the casing in the deployed file.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void application_beginrequest(object sender, EventArgs e)
{
    // All filtering lives in startprocessrequest; this handler only delegates.
    startprocessrequest();
}
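/// <summary>
/// Request filter run from application_beginrequest: every query-string, form
/// and cookie value is passed through processsqlstr, and the request is
/// rejected (HTTP 400, short message, Response.End) at the first hit.
/// </summary>
/// <remarks>
/// Defence in depth only; parameterised queries in the data layer are the
/// control that prevents SQL injection. An exception while inspecting the
/// request is logged and fails closed (the request is rejected) instead of
/// being swallowed, which previously let such a request through unchecked.
/// </remarks>
private void startprocessrequest()
{
    System.Web.HttpContext context = System.Web.HttpContext.Current;
    if (context == null)
        return;

    string source;
    try
    {
        source = findillegalinput(context.Request);
    }
    catch (System.Exception ex)
    {
        System.Diagnostics.Trace.TraceError("startprocessrequest: request inspection failed: " + ex);
        source = "request"; // fail closed
    }

    // Response.End() raises ThreadAbortException; calling it outside the try
    // keeps the catch above from ever running for the reject path itself.
    if (source != null)
        rejectrequest(context.Response, source);
}

/// <summary>
/// Returns "get", "post" or "cookies" for the first collection holding a value
/// that processsqlstr rejects, or null when every value passes.
/// </summary>
/// <param name="request">Request being inspected.</param>
private string findillegalinput(System.Web.HttpRequest request)
{
    if (containsillegalvalue(request.QueryString, false))
        return "get";
    // NOTE(review): with requestValidationMode="4.0", reading Request.Form in
    // BeginRequest can itself throw HttpRequestValidationException, which the
    // caller's fail-closed catch turns into a rejection — confirm against web.config.
    if (containsillegalvalue(request.Form, true))
        return "post";
    System.Web.HttpCookieCollection cookies = request.Cookies;
    if (cookies != null)
    {
        for (int i = 0; i < cookies.Count; i++)
        {
            System.Web.HttpCookie cookie = cookies[i];
            if (cookie != null && !processsqlstr(cookie.Value))
                return "cookies";
        }
    }
    return null;
}

/// <summary>
/// True when any value in the collection fails processsqlstr. With
/// skipframeworkfields set, __VIEWSTATE and __EVENTVALIDATION are skipped: they
/// are base64 blobs whose letter runs would trip the substring check.
/// </summary>
/// <param name="values">Query-string or form collection; null counts as clean.</param>
/// <param name="skipframeworkfields">Skip the ASP.NET hidden fields named above.</param>
private bool containsillegalvalue(System.Collections.Specialized.NameValueCollection values, bool skipframeworkfields)
{
    if (values == null)
        return false;
    for (int i = 0; i < values.Count; i++)
    {
        string key = values.GetKey(i);
        if (skipframeworkfields && key != null
            && (key.Equals("__VIEWSTATE", System.StringComparison.OrdinalIgnoreCase)
                || key.Equals("__EVENTVALIDATION", System.StringComparison.OrdinalIgnoreCase)))
            continue;
        if (!processsqlstr(values.Get(i)))
            return true;
    }
    return false;
}

/// <summary>Writes the rejection message with a 400 status and ends the response.</summary>
/// <param name="response">Response to terminate.</param>
/// <param name="source">"get", "post", "cookies" or "request"; prefixes the message.</param>
private static void rejectrequest(System.Web.HttpResponse response, string source)
{
    response.Clear();
    response.StatusCode = 400;
    response.Write(source + ",出现错误,包含非法字符串");
    response.End();
}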
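/// <summary>
/// Heuristic check of one submitted value for SQL keywords.
/// </summary>
/// <param name="str">A single query-string, form or cookie value; null or blank passes.</param>
/// <returns>true when none of the blocklisted keywords occurs in the value; false when one does.</returns>
/// <remarks>
/// Plain substring matching: "mid" flags "middle" and "master" flags
/// "webmaster", so expect false positives on ordinary text, and as a blocklist
/// it is necessarily incomplete. It is defence in depth only; parameterised
/// queries are the control that actually prevents SQL injection. The
/// comparison is ordinal and case-insensitive so the result does not depend on
/// the thread culture (ToLower() under e.g. tr-TR maps "I" differently and
/// would miss "INSERT").
/// </remarks>
private static bool processsqlstr(string str)
{
    if (str == null || str.Trim().Length == 0)
        return true;
    foreach (string keyword in sqlkeywords)
    {
        if (str.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
            return false;
    }
    return true;
}

// Built once instead of being split from a string on every request value.
private static readonly string[] sqlkeywords =
{
    "select", "insert", "delete", "update", "declare", "sysobjects", "syscolumns",
    "cast", "truncate", "master", "mid", "exec"
};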
// --></script>
(页面数据校验类)pagevalidate.cs 基本通用。
代码如下:
using system;
using system.text;
using system.web;
using system.web.ui.webcontrols;
using system.text.regularexpressions;
namespace common
{
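/// <summary>
/// Page input validation helpers: numeric / decimal / e-mail / CJK checks,
/// length clamping and HTML encoding for values read from a request.
/// </summary>
/// <remarks>
/// Despite their names, sqltext and inputtext do not make a value safe to
/// concatenate into SQL: sqltext only trims and truncates, and inputtext drops
/// single quotes lossily. Database access must use parameterised commands;
/// htmlencode (HttpUtility.HtmlEncode) is the routine to use for output.
/// </remarks>
public class pagevalidate
{
    // \z rather than $: in .NET, $ also matches before a final "\n", so "12\n"
    // would otherwise pass as a number.
    private static readonly Regex regnumber = new Regex(@"^[0-9]+\z");
    private static readonly Regex regnumbersign = new Regex(@"^[+-]?[0-9]+\z");
    // Digits with an optional fraction: "5" and "1.5" match, ".5" and "5." do not.
    // (The previous pattern required two digits and rejected "5".)
    private static readonly Regex regdecimal = new Regex(@"^[0-9]+([.][0-9]+)?\z");
    private static readonly Regex regdecimalsign = new Regex(@"^[+-]?[0-9]+([.][0-9]+)?\z");
    // Intentionally narrow: one local-part token, one host label and a fixed TLD
    // allowlist. Sub-domains (a@mail.example.com) and other TLDs are rejected.
    // \w means Unicode letters, digits and underscore in .NET.
    private static readonly Regex regemail = new Regex(@"^[\w-]+@[\w-]+\.(com|net|org|edu|mil|tv|biz|info)\z");
    // CJK Unified Ideographs block.
    private static readonly Regex regchzn = new Regex("[\u4e00-\u9fa5]");

    /// <summary>Kept for callers that instantiate the class; every member is static.</summary>
    public pagevalidate()
    {
    }

    #region numeric string checks
    /// <summary>
    /// Reads a request value (query string first, then form body), clamps it to
    /// maxlen characters and returns it only if it is an unsigned integer string.
    /// </summary>
    /// <param name="req">Current request.</param>
    /// <param name="inputkey">Name of the query-string / form field.</param>
    /// <param name="maxlen">Maximum number of characters kept before the check.</param>
    /// <returns>The clamped digit string, or string.Empty when the key is missing,
    /// the key is blank, or the value is not all digits.</returns>
    /// <exception cref="ArgumentNullException">req is null.</exception>
    public static string fetchinputdigit(HttpRequest req, string inputkey, int maxlen)
    {
        if (req == null)
            throw new ArgumentNullException("req");
        if (string.IsNullOrEmpty(inputkey))
            return string.Empty;

        // Query string wins over the form body, as before.
        string value = req.QueryString[inputkey];
        if (value == null)
            value = req.Form[inputkey];
        if (value == null)
            return string.Empty;

        value = sqltext(value, maxlen);
        return isnumber(value) ? value : string.Empty;
    }

    /// <summary>Whole string is one or more ASCII digits.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isnumber(string inputdata)
    {
        return inputdata != null && regnumber.IsMatch(inputdata);
    }

    /// <summary>Like isnumber, with an optional leading + or -.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isnumbersign(string inputdata)
    {
        return inputdata != null && regnumbersign.IsMatch(inputdata);
    }

    /// <summary>Digits with an optional ".digits" fraction (e.g. "5", "1.5").</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isdecimal(string inputdata)
    {
        return inputdata != null && regdecimal.IsMatch(inputdata);
    }

    /// <summary>Like isdecimal, with an optional leading + or -.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isdecimalsign(string inputdata)
    {
        return inputdata != null && regdecimalsign.IsMatch(inputdata);
    }
    #endregion

    #region Chinese character detection
    /// <summary>True when the string contains at least one CJK ideograph.</summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool ishaschzn(string inputdata)
    {
        return inputdata != null && regchzn.IsMatch(inputdata);
    }
    #endregion

    #region e-mail address
    /// <summary>
    /// True when the string looks like a simple e-mail address per regemail
    /// (single host label, TLD from a fixed allowlist).
    /// </summary>
    /// <param name="inputdata">Value to test; null returns false.</param>
    public static bool isemail(string inputdata)
    {
        return inputdata != null && regemail.IsMatch(inputdata);
    }
    #endregion

    #region other
    /// <summary>
    /// Trims the value and truncates it to maxlength characters. This is a
    /// length clamp only: nothing is escaped, so the result is not SQL-safe.
    /// </summary>
    /// <param name="sqlinput">Value to clamp; null or empty is returned unchanged.</param>
    /// <param name="maxlength">Maximum number of characters kept.</param>
    /// <returns>The trimmed, truncated value.</returns>
    /// <exception cref="ArgumentOutOfRangeException">maxlength is negative.</exception>
    public static string sqltext(string sqlinput, int maxlength)
    {
        if (string.IsNullOrEmpty(sqlinput))
            return sqlinput;
        if (maxlength < 0)
            throw new ArgumentOutOfRangeException("maxlength");

        string trimmed = sqlinput.Trim();
        return trimmed.Length > maxlength ? trimmed.Substring(0, maxlength) : trimmed;
    }

    /// <summary>HTML-encodes the value for safe output (delegates to HttpUtility.HtmlEncode).</summary>
    /// <param name="inputdata">Text to encode; null passes through as null.</param>
    public static string htmlencode(string inputdata)
    {
        return HttpUtility.HtmlEncode(inputdata);
    }

    /// <summary>Sets the label text to the HTML-encoded form of txtinput.</summary>
    /// <param name="lbl">Target label.</param>
    /// <param name="txtinput">Raw text; encoded before assignment.</param>
    /// <exception cref="ArgumentNullException">lbl is null.</exception>
    public static void setlabel(Label lbl, string txtinput)
    {
        if (lbl == null)
            throw new ArgumentNullException("lbl");
        lbl.Text = htmlencode(txtinput);
    }

    /// <summary>Sets the label text to the HTML-encoded ToString() of inputobj (null shows as empty).</summary>
    /// <param name="lbl">Target label.</param>
    /// <param name="inputobj">Object whose string form is displayed.</param>
    public static void setlabel(Label lbl, object inputobj)
    {
        setlabel(lbl, inputobj == null ? string.Empty : inputobj.ToString());
    }

    /// <summary>
    /// Trims and clamps the value, then encodes ", &lt; and &gt; as HTML entities
    /// and replaces every single quote with a space.
    /// </summary>
    /// <remarks>
    /// The quote replacement is lossy and is not a SQL-injection control; use
    /// parameterised commands. '&amp;' is passed through unchanged, so for output
    /// encoding prefer htmlencode, which handles every significant character.
    /// </remarks>
    /// <param name="inputstring">Raw value; null or empty yields string.Empty.</param>
    /// <param name="maxlength">Maximum number of characters kept before encoding.</param>
    /// <returns>The cleaned value.</returns>
    /// <exception cref="ArgumentOutOfRangeException">maxlength is negative and the value is non-empty.</exception>
    public static string inputtext(string inputstring, int maxlength)
    {
        if (string.IsNullOrEmpty(inputstring))
            return string.Empty;

        string clamped = sqltext(inputstring, maxlength);
        StringBuilder sb = new StringBuilder(clamped.Length);
        foreach (char c in clamped)
        {
            switch (c)
            {
                case '"':
                    sb.Append("&quot;");
                    break;
                case '<':
                    sb.Append("&lt;");
                    break;
                case '>':
                    sb.Append("&gt;");
                    break;
                case '\'':
                    sb.Append(' '); // single quote is dropped, not encoded
                    break;
                default:
                    sb.Append(c);
                    break;
            }
        }
        return sb.ToString();
    }

    /// <summary>
    /// Converts plain text to HTML: entities for &amp; " space &lt; &gt;, &lt;br&gt; for
    /// newlines, and SQL-style doubling of single quotes.
    /// </summary>
    /// <remarks>
    /// The quote doubling targets string concatenation into SQL and is no
    /// substitute for parameters; decode cannot reverse it.
    /// </remarks>
    /// <param name="str">Plain text; null or empty yields string.Empty.</param>
    /// <returns>The HTML form.</returns>
    public static string encode(string str)
    {
        if (string.IsNullOrEmpty(str))
            return string.Empty;

        // '&' first, so the entities produced below are not double-encoded.
        str = str.Replace("&", "&amp;");
        str = str.Replace("'", "''");
        str = str.Replace("\"", "&quot;");
        str = str.Replace(" ", "&nbsp;");
        str = str.Replace("<", "&lt;");
        str = str.Replace(">", "&gt;");
        str = str.Replace("\n", "<br>");
        return str;
    }

    /// <summary>
    /// Inverse of encode for the HTML entities and &lt;br&gt;. Doubled single
    /// quotes are left alone: a legitimate "''" cannot be told apart.
    /// </summary>
    /// <param name="str">HTML produced by encode; null or empty yields string.Empty.</param>
    /// <returns>The plain-text form.</returns>
    public static string decode(string str)
    {
        if (string.IsNullOrEmpty(str))
            return string.Empty;

        str = str.Replace("<br>", "\n");
        str = str.Replace("&gt;", ">");
        str = str.Replace("&lt;", "<");
        str = str.Replace("&nbsp;", " ");
        str = str.Replace("&quot;", "\"");
        // '&amp;' last, so text that was itself an entity name round-trips.
        str = str.Replace("&amp;", "&");
        return str;
    }
    #endregion
}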
}
通用文件(global.asax),保存为 global.asax 文件名,放到网站根目录下即可。(其他功能自行补上)
代码如下:
<script language="c#" runat="server"><!--
/// <summary>
/// ASP.NET pipeline hook that runs the request filter before any handler sees
/// the request. NOTE(review): HttpApplication auto-wires this handler by the
/// name Application_BeginRequest; confirm the casing in the deployed file.
/// </summary>
/// <param name="sender">The application raising the event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void application_beginrequest(object sender, EventArgs e)
{
    // All filtering lives in startprocessrequest; this handler only delegates.
    startprocessrequest();
}
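/// <summary>
/// Request filter run from application_beginrequest: every query-string, form
/// and cookie value is passed through processsqlstr, and the request is
/// rejected (HTTP 400, short message, Response.End) at the first hit.
/// </summary>
/// <remarks>
/// Defence in depth only; parameterised queries in the data layer are the
/// control that prevents SQL injection. An exception while inspecting the
/// request is logged and fails closed (the request is rejected) instead of
/// being swallowed, which previously let such a request through unchecked.
/// </remarks>
private void startprocessrequest()
{
    System.Web.HttpContext context = System.Web.HttpContext.Current;
    if (context == null)
        return;

    string source;
    try
    {
        source = findillegalinput(context.Request);
    }
    catch (System.Exception ex)
    {
        System.Diagnostics.Trace.TraceError("startprocessrequest: request inspection failed: " + ex);
        source = "request"; // fail closed
    }

    // Response.End() raises ThreadAbortException; calling it outside the try
    // keeps the catch above from ever running for the reject path itself.
    if (source != null)
        rejectrequest(context.Response, source);
}

/// <summary>
/// Returns "get", "post" or "cookies" for the first collection holding a value
/// that processsqlstr rejects, or null when every value passes.
/// </summary>
/// <param name="request">Request being inspected.</param>
private string findillegalinput(System.Web.HttpRequest request)
{
    if (containsillegalvalue(request.QueryString, false))
        return "get";
    // NOTE(review): with requestValidationMode="4.0", reading Request.Form in
    // BeginRequest can itself throw HttpRequestValidationException, which the
    // caller's fail-closed catch turns into a rejection — confirm against web.config.
    if (containsillegalvalue(request.Form, true))
        return "post";
    System.Web.HttpCookieCollection cookies = request.Cookies;
    if (cookies != null)
    {
        for (int i = 0; i < cookies.Count; i++)
        {
            System.Web.HttpCookie cookie = cookies[i];
            if (cookie != null && !processsqlstr(cookie.Value))
                return "cookies";
        }
    }
    return null;
}

/// <summary>
/// True when any value in the collection fails processsqlstr. With
/// skipframeworkfields set, __VIEWSTATE and __EVENTVALIDATION are skipped: they
/// are base64 blobs whose letter runs would trip the substring check.
/// </summary>
/// <param name="values">Query-string or form collection; null counts as clean.</param>
/// <param name="skipframeworkfields">Skip the ASP.NET hidden fields named above.</param>
private bool containsillegalvalue(System.Collections.Specialized.NameValueCollection values, bool skipframeworkfields)
{
    if (values == null)
        return false;
    for (int i = 0; i < values.Count; i++)
    {
        string key = values.GetKey(i);
        if (skipframeworkfields && key != null
            && (key.Equals("__VIEWSTATE", System.StringComparison.OrdinalIgnoreCase)
                || key.Equals("__EVENTVALIDATION", System.StringComparison.OrdinalIgnoreCase)))
            continue;
        if (!processsqlstr(values.Get(i)))
            return true;
    }
    return false;
}

/// <summary>Writes the rejection message with a 400 status and ends the response.</summary>
/// <param name="response">Response to terminate.</param>
/// <param name="source">"get", "post", "cookies" or "request"; prefixes the message.</param>
private static void rejectrequest(System.Web.HttpResponse response, string source)
{
    response.Clear();
    response.StatusCode = 400;
    response.Write(source + ",出现错误,包含非法字符串");
    response.End();
}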
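/// <summary>
/// Heuristic check of one submitted value for SQL keywords.
/// </summary>
/// <param name="str">A single query-string, form or cookie value; null or blank passes.</param>
/// <returns>true when none of the blocklisted keywords occurs in the value; false when one does.</returns>
/// <remarks>
/// Plain substring matching: "mid" flags "middle" and "master" flags
/// "webmaster", so expect false positives on ordinary text, and as a blocklist
/// it is necessarily incomplete. It is defence in depth only; parameterised
/// queries are the control that actually prevents SQL injection. The
/// comparison is ordinal and case-insensitive so the result does not depend on
/// the thread culture (ToLower() under e.g. tr-TR maps "I" differently and
/// would miss "INSERT").
/// </remarks>
private static bool processsqlstr(string str)
{
    if (str == null || str.Trim().Length == 0)
        return true;
    foreach (string keyword in sqlkeywords)
    {
        if (str.IndexOf(keyword, System.StringComparison.OrdinalIgnoreCase) >= 0)
            return false;
    }
    return true;
}

// Built once instead of being split from a string on every request value.
private static readonly string[] sqlkeywords =
{
    "select", "insert", "delete", "update", "declare", "sysobjects", "syscolumns",
    "cast", "truncate", "master", "mid", "exec"
};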
// --></script>