n " /> 啊轻点啊再深点视频免费,东京热 百度影音,成人影院午夜久久影院

天天躁日日躁狠狠躁AV麻豆-天天躁人人躁人人躁狂躁-天天澡夜夜澡人人澡-天天影视香色欲综合网-国产成人女人在线视频观看-国产成人女人视频在线观看

asp.net下檢測SQL注入式攻擊代碼

2014-10-23 16:43:28 分類:AspNet技術 閱讀()
兩個類:
(頁面數據校驗類)PageValidate.cs 基本通用。
代碼如下:
復制代碼 代碼如下:
using System;
using System.Text;
using System.Web;
using System.Web.UI.WebControls;
using System.Text.RegularExpressions;

namespace Common
{
    /// <summary>
    /// 頁面數據校驗類
    /// </summary>
    public class PageValidate
    {
        private static Regex RegNumber = new Regex("^[0-9]+$");
        private static Regex RegNumberSign = new Regex("^[+-]?[0-9]+$");
        private static Regex RegDecimal = new Regex("^[0-9]+[.]?[0-9]+$");
        private static Regex RegDecimalSign = new Regex("^[+-]?[0-9]+[.]?[0-9]+$"); //等價于^[+-]?/d+[.]?/d+$
        private static Regex RegEmail = new Regex("^[//w-]+@[//w-]+//.(com|NET|org|edu|mil|tv|biz|info)$");//w 英文字母或數字的字符串,和 [a-zA-Z0-9] 語法一樣
        private static Regex RegCHZN = new Regex("[/u4e00-/u9fa5]");

        public PageValidate()
        {
        }


        #region 數字字符串檢查        

        /// <summary>
        /// 檢查Request查詢字符串的鍵值,是否是數字,最大長度限制
        /// </summary>
        /// <param name="req">Request</param>
        /// <param name="inputKey">Request的鍵值</param>
        /// <param name="maxLen">最大長度</param>
        /// <returns>返回Request查詢字符串</returns>
        public static string FetchInputDigit(HttpRequest req, string inputKey, int maxLen)
        {
            string retVal = string.Empty;
            if(inputKey != null && inputKey != string.Empty)
            {
                retVal = req.QueryString[inputKey];
                if(null == retVal)
                    retVal = req.Form[inputKey];
                if(null != retVal)
                {
                    retVal = SqlText(retVal, maxLen);
                    if(!IsNumber(retVal))
                        retVal = string.Empty;
                }
            }
            if(retVal == null)
                retVal = string.Empty;
            return retVal;
        }        
        /// <summary>
        /// 是否數字字符串
        /// </summary>
        /// <param name="inputData">輸入字符串</param>
        /// <returns></returns>
        public static bool IsNumber(string inputData)
        {
            Match m = RegNumber.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否數字字符串 可帶正負號
        /// </summary>
        /// <param name="inputData">輸入字符串</param>
        /// <returns></returns>
        public static bool IsNumberSign(string inputData)
        {
            Match m = RegNumberSign.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否是浮點數
        /// </summary>
        /// <param name="inputData">輸入字符串</param>
        /// <returns></returns>
        public static bool IsDecimal(string inputData)
        {
            Match m = RegDecimal.Match(inputData);
            return m.Success;
        }        
        /// <summary>
        /// 是否是浮點數 可帶正負號
        /// </summary>
        /// <param name="inputData">輸入字符串</param>
        /// <returns></returns>
        public static bool IsDecimalSign(string inputData)
        {
            Match m = RegDecimalSign.Match(inputData);
            return m.Success;
        }        

        #endregion

        #region 中文檢測

        /// <summary>
        /// 檢測是否有中文字符
        /// </summary>
        /// <param name="inputData"></param>
        /// <returns></returns>
        public static bool IsHasCHZN(string inputData)
        {
            Match m = RegCHZN.Match(inputData);
            return m.Success;
        }    

        #endregion

        #region 郵件地址
        /// <summary>
        /// 是否是浮點數 可帶正負號
        /// </summary>
        /// <param name="inputData">輸入字符串</param>
        /// <returns></returns>
        public static bool IsEmail(string inputData)
        {
            Match m = RegEmail.Match(inputData);
            return m.Success;
        }        

        #endregion

        #region 其他

        /// <summary>
        /// 檢查字符串最大長度,返回指定長度的串
        /// </summary>
        /// <param name="sqlInput">輸入字符串</param>
        /// <param name="maxLength">最大長度</param>
        /// <returns></returns>            
        public static string SqlText(string sqlInput, int maxLength)
        {            
            if(sqlInput != null && sqlInput != string.Empty)
            {
                sqlInput = sqlInput.Trim();                            
                if(sqlInput.Length > maxLength)//按最大長度截取字符串
                    sqlInput = sqlInput.Substring(0, maxLength);
            }
            return sqlInput;
        }        
        /// <summary>
        /// 字符串編碼
        /// </summary>
        /// <param name="inputData"></param>
        /// <returns></returns>
        public static string HtmlEncode(string inputData)
        {
            return HttpUtility.HtmlEncode(inputData);
        }
        /// <summary>
        /// 設置Label顯示Encode的字符串
        /// </summary>
        /// <param name="lbl"></param>
        /// <param name="txtInput"></param>
        public static void SetLabel(Label lbl, string txtInput)
        {
            lbl.Text = HtmlEncode(txtInput);
        }
        public static void SetLabel(Label lbl, object inputObj)
        {
            SetLabel(lbl, inputObj.ToString());
        }        
        //字符串清理
        public static string InputText(string inputString, int maxLength)
        {            
            StringBuilder retVal = new StringBuilder();

            // 檢查是否為空
            if ((inputString != null) && (inputString != String.Empty))
            {
                inputString = inputString.Trim();

                //檢查長度
                if (inputString.Length > maxLength)
                    inputString = inputString.Substring(0, maxLength);

                //替換危險字符
                for (int i = 0; i < inputString.Length; i++)
                {
                    switch (inputString[i])
                    {
                        case '"':
                            retVal.Append(""");
                            break;
                        case '<':
                            retVal.Append("<");
                            break;
                        case '>':
                            retVal.Append(">");
                            break;
                        default:
                            retVal.Append(inputString[i]);
                            break;
                    }
                }                
                retVal.Replace("'", " ");// 替換單引號
            }
            return retVal.ToString();

        }
        /// <summary>
        /// 轉換成 HTML code
        /// </summary>
        /// <param name="str">string</param>
        /// <returns>string</returns>
        public static string Encode(string str)
        {            
            str = str.Replace("&","&");
            str = str.Replace("'","''");
            str = str.Replace("/"",""");
            str = str.Replace(" "," ");
            str = str.Replace("<","<");
            str = str.Replace(">",">");
            str = str.Replace("/n","<br>");
            return str;
        }
        /// <summary>
        ///解析html成 普通文本
        /// </summary>
        /// <param name="str">string</param>
        /// <returns>string</returns>
        public static string Decode(string str)
        {            
            str = str.Replace("<br>","/n");
            str = str.Replace(">",">");
            str = str.Replace("<","<");
            str = str.Replace(" "," ");
            str = str.Replace(""","/"");
            return str;
        }

        #endregion 

    }
}

通用文件(Global.asax),保存為Global.asax文件名 放到網站根木馬下即可。(其他功能自行補上)
復制代碼 代碼如下:
<script language="C#" runat="server"><!--
    protected void Application_BeginRequest(Object sender, EventArgs e)
        {
            StartProcessRequest();
        }


/// <summary>
/// 處理用戶提交的請求
/// </summary>
private void StartProcessRequest()
{
try
{
string getkeys = "";

if (System.Web.HttpContext.Current.Request.QueryString != null)
{

for (int i = 0; i < System.Web.HttpContext.Current.Request.QueryString.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.QueryString.Keys[i];
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.QueryString[getkeys]))
{
System.Web.HttpContext.Current.Response.Write("Get,出現錯誤,包含非法字符串");
System.Web.HttpContext.Current.Response.End();
}
}
}
if (System.Web.HttpContext.Current.Request.Form != null)
{
for (int i = 0; i < System.Web.HttpContext.Current.Request.Form.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.Form.Keys[i];
if (getkeys == "__VIEWSTATE") continue;
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Form[getkeys]))
{
System.Web.HttpContext.Current.Response.Write("Post,出現錯誤,包含非法字符串");
System.Web.HttpContext.Current.Response.End();
}
}
}
            if(System.Web.HttpContext.Current.Request.Cookies!=null)
            {
             for (int i = 0; i < System.Web.HttpContext.Current.Request.Cookies.Count; i++)
{
getkeys = System.Web.HttpContext.Current.Request.Cookies.Keys[i];
if (getkeys == "__VIEWSTATE") continue;
if (!ProcessSqlStr(System.Web.HttpContext.Current.Request.Cookies[getkeys].Value))
{
System.Web.HttpContext.Current.Response.Write("Cookies,出現錯誤,包含非法字符串");
System.Web.HttpContext.Current.Response.End();
}
}
            }

}
catch
{
// 錯誤處理: 處理用戶提交信息!
}
}
/// <summary>
/// 分析用戶請求是否正常
/// </summary>
/// <param name="Str">傳入用戶提交數據 </param>
/// <returns>返回是否含有SQL注入式攻擊代碼 </returns>
private bool ProcessSqlStr(string Str)
{
bool ReturnValue = true;
try
{
if (Str.Trim() != "")
{
                string SqlStr = "select¦insert¦delete¦update¦declare¦sysobjects¦syscolumns¦cast¦truncate¦master¦mid¦exec";

                string[] anySqlStr = SqlStr.Split('¦');
foreach (string ss in anySqlStr)
{
if (Str.ToLower().IndexOf(ss) >= 0)
{
ReturnValue = false;
break;
}
}
}
}
catch
{
ReturnValue = false;
}
return ReturnValue;
}

// --></script>

AspNet技術asp.net下檢測SQL注入式攻擊代碼,轉載需保留來源!

鄭重聲明:本文版權歸原作者所有,轉載文章僅為傳播更多信息之目的,如作者信息標記有誤,請第一時間聯系我們修改或刪除,多謝。

標簽:
主站蜘蛛池模板: 手机在线成人精品视频网 | 国产乱码一区二区三区 | 亚洲精品tv久久久久久久久久 | 国产精品无码AV天天爽人妻蜜桃 | 俄罗斯美女啪啪 | 国产欧美日韩中文视频在线 | 超碰 无码 中文字幕 | 国产99网站| 国产香蕉视频在线观看 | 一手揉着乳头一手模仿抽插视频 | 欧美精品色视频 | 青青伊人久久 | 野草视频在线观看 | 国产精品永久免费视频 | 色偷拍自怕亚洲在线 | 九热这里只有精品 | 国产亚洲精品欧洲在线视频 | 精品久久久久中文字幕加勒比东京热 | 穿白丝袜边走边尿白丝袜 | 韩国伦理电影在线神马网 | 国产精品在线手机视频 | 精品久久久麻豆国产精品 | 欧美乱妇日本无乱码特黄大片 | 我在厨房摸岳的乳HD在线观看 | 永久免费无码AV国产网站 | 麻豆啊传媒app黄版破解免费 | 冰山高冷受被c到哭np双性 | 最新高清无码专区在线视频 | 国产成人在线免费 | 免费人妻AV无码专区五月 | 一级毛片免费在线播放 | 国产普通话精品久久 | 久久re视频这里精品免费1 | caoporn 超碰免费视频 | 妹妹成人网 | 中文字幕在线观看亚洲视频 | 高清 国产 在线 亚洲 | A级超碰视频在线观看 | 大香网伊人久久综合观看 | 久久中文字幕无码A片不卡 久久中文字幕人妻熟AV女蜜柚M | 1V1各种PLAY女主被肉 |