今天早上起來上網發現公司網站又被注入了,郁悶死了,趕快還原!!!
不過也多虧這注入,讓我知道怎麼簡單的分析IIS日志了,呵呵,原來隻要ctrl+f查找20%字元串就行,查到到如下東西
/forum/show.aspx titleid=318&caid=20%20And%20Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00)%20as%20varchar(1))%2Bchar(124)=1 80 - 117.32.250.106 Mozilla/4.0 302 0 0
呵呵,原來show.aspx這個頁面沒有經過驗證,趕快補上。。。
然後自己用.NET做了個檢測資料庫中的表中的字段中的内容有沒有注入腳本的頁面,看來以後每天都得要運作這個頁面檢測一次哦!!!
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Data;
public partial class niunantest : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
string sql_tbName =
"SELECT name FROM sysobjects " +
"WHERE xtype = 'U' AND OBJECTPROPERTY (id, 'IsMSShipped') = 0 " +
"order by name";
// 擷取資料庫中所有的使用者表
DataTable dt_tbName = myClass.myDataGet.getTable(sql_tbName);
foreach (DataRow row in dt_tbName.Rows)
{
string tbName = row["name"].ToString();
string sql_tbColName =
"select column_name,data_type from information_schema.columns " +
"where table_name ='" + tbName + "' ";
// 擷取表中所有的字段
DataTable dt_tbColName = myClass.myDataGet.getTable(sql_tbColName);
foreach (DataRow row2 in dt_tbColName.Rows)
{
string tbColName = row2["column_name"].ToString();
string tbColType = row2["data_type"].ToString();
if (tbColType == "char" || tbColType == "nchar" || tbColType == "varchar"
|| tbColType == "nvarchar" || tbColType == "text")
{
string sql_count =
"select COUNT(*) from [" + tbName + "] where [" + tbColName + "] like '%<script%' ";
// 判斷該表該字段中是否含有script腳本
int count = int.Parse(myClass.myDataGet.getDataScalar(sql_count).ToString());
if (count > 0)
{
Response.Write(tbName + " 表中的 " + tbColName +
" 字段含有腳本!<br>SQL語句:<span style='color:blue;'>" + HttpUtility.HtmlEncode(sql_count) + "</span><br><br>");
}
}
}
}
}
把代碼記錄下來,以備後用!
![【MySQL資料庫】資料庫索引事務1.索引2.事務[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)