SQL注入是比較常見的網絡攻擊方式之一,它不是利用操作系統的BUG來實現攻擊,而是針對程序員編程時的疏忽,通過SQL語句,實現無帳號登錄,甚至篡改數據庫。
using System; using System.Collections.Generic; using System.Text; using System.Web; using System.Text.RegularExpressions; namespace Core.Common { /// <summary> /// SQL注入幫助 /// </summary> public class SQLInjectionHelper { private const string StrKeyWord = @".*(select|insert|delete|from|count(|drop table|update|truncate|asc(|mid(|char(|xp_cmdshell|exec master|netlocalgroup administrators|:|net user|""|or|and).*"; private const string StrRegex = @"[-|;|,|/|(|)|[|]|}|{|%|@|*|!|']"; /// <summary> /// 獲取Post的數據 /// </summary> public static bool ValidUrlPostData() { bool result = false; for (int i = 0; i < HttpContext.Current.Request.Form.Count; i++) { result = ValidData(HttpContext.Current.Request.Form[i].ToString()); if (result) { LogHelper.Info("檢測出POST惡意數據: 【" + HttpContext.Current.Request.Form[i].ToString() + "】 URL: 【" + HttpContext.Current.Request.RawUrl + "】來源: 【" + HttpContext.Current.Request.UserHostAddress + "】"); break; }//如果檢測存在漏洞 } return result; } /// <summary> /// 獲取QueryString中的數據 /// </summary> public static bool ValidUrlGetData() { bool result = false; for (int i = 0; i < HttpContext.Current.Request.QueryString.Count; i++) { result = ValidData(HttpContext.Current.Request.QueryString[i].ToString()); if (result) { LogHelper.Info("檢測出GET惡意數據: 【" + HttpContext.Current.Request.QueryString[i].ToString() + "】 URL: 【" + HttpContext.Current.Request.RawUrl + "】來源: 【" + HttpContext.Current.Request.UserHostAddress + "】"); break; }//如果檢測存在漏洞 } return result; } /// <summary> /// 驗證是否存在注入代碼 /// </summary> /// <param name="inputData"></param> public static bool ValidData(string inputData) { //里面定義惡意字符集合 //驗證inputData是否包含惡意集合 if (Regex.IsMatch(inputData.ToLower(), GetRegexString())) { return true; } else { return false; } } /// <summary> /// 獲取正則表達式 /// </summary> /// <param name="queryConditions"></param> /// <returns></returns> private static string GetRegexString() { //構造SQL的注入關鍵字符 string[] strBadChar = { "and" ,"exec" ,"insert" ,"select" ,"delete" ,"update" ,"count" ,"from" ,"drop" ,"asc" ,"char" ,"or" ,"%" ,";" ,":" ,"\'" ,"\"" ,"-" ,"chr" ,"mid" ,"master" ,"truncate" ,"char" ,"declare" ,"SiteName" ,"net user" ,"xp_cmdshell" ,"/add" ,"exec master.dbo.xp_cmdshell" ,"net localgroup administrators" }; //構造正則表達式 string str_Regex = ".*("; for (int i = 0; i < strBadChar.Length - 1; i++) { str_Regex += strBadChar[i] + "|"; } str_Regex += strBadChar[strBadChar.Length - 1] + ").*"; return str_Regex; } /// <summary> /// 檢測是否有Sql危險字符 /// </summary> /// <param name="str">要判斷字符串</param> /// <returns>判斷結果</returns> public static bool IsSafeSqlString(string str) { return !Regex.IsMatch(str, @"[-|;|,|\/|\(|\)|\[|\]|\}|\{|%|@|\*|!|\']"); } /// <summary> SQL注入等安全驗證 /// 檢測是否有危險的可能用於鏈接的字符串 /// </summary> /// <param name="str">要判斷字符串</param> /// <returns>判斷結果</returns> public static bool IsSafeUserInfoString(string str) { return !Regex.IsMatch(str, @"^\s*$|^c:\\con\\con$|[%,\*" + "\"" + @"\s\t\<\>\&]|游客|^Guest"); } #region 檢測客戶的輸入中是否有危險字符串 /// <summary> /// 檢測客戶輸入的字符串是否有效,並將原始字符串修改為有效字符串或空字符串。 /// 當檢測到客戶的輸入中有攻擊性危險字符串,則返回false,有效返回true。 /// </summary> /// <param name="input">要檢測的字符串</param> public static bool IsValidInput(ref string input) { try { //替換單引號 input = input.Replace("'", "''").Trim(); //檢測攻擊性危險字符串 string testString = "and |or |exec |insert |select |delete |update |count |chr |mid |master |truncate |char |declare "; string[] testArray = testString.Split('|'); foreach (string testStr in testArray) { if (input.ToLower().IndexOf(testStr) != -1) { //檢測到攻擊字符串,清空傳入的值 input = ""; return false; } } //未檢測到攻擊字符串 return true; } catch (Exception ex) { throw new Exception(ex.Message); } } #endregion } }