ruanyongjie posted on 2008-8-29 14:21:10

Types of SQL injection attacks and how to prevent them

Types of SQL injection attacks

First, be clear about which types of SQL injection attacks exist.

1. Escape characters not filtered correctly
This form of injection attack occurs when user input is not filtered for escape characters and is passed into an SQL statement. This lets end users of the application manipulate the statements that run on the database. For example, the following line of code demonstrates this vulnerability:

    statement := "SELECT * FROM users WHERE name = '" + userName + "'; "

This code is designed to pull a specific user out of the users table, but if the user name is forged in a particular way by a malicious user, the statement may do more than the code's author intended. For example, setting the user name variable (username) to:

    a' or 't'='t

changes the original statement to:

    SELECT * FROM users WHERE name = 'a' OR 't'='t';

If this code is used in an authentication process, this example can force the selection of a valid user name, because the expression 't'='t is always true.
On some SQL servers, such as SQL Server, any SQL command can be injected this way, including the execution of multiple statements. The following value of username will delete the "users" table and also select all data from the "data" table (in effect revealing every user's information):

    a'; DROP TABLE users; SELECT * FROM data WHERE name LIKE '%

This turns the final SQL statement into the following:

    SELECT * FROM users WHERE name = 'a'; DROP TABLE users; SELECT * FROM DATA WHERE name LIKE '%';

Other SQL implementations will not execute multiple commands in the same query, as a security measure. This prevents an attacker from injecting entirely separate queries, but does not stop the attacker from modifying the query.

2. Incorrect type handling
This form of attack occurs when a user-supplied field is not strongly typed, or no type enforcement is applied. When a numeric field is used in an SQL statement, this attack occurs if the programmer does not check whether the user input is valid (that is, numeric). For example:

    statement := "SELECT * FROM data WHERE id = " + a_variable + "; "

From this statement it is clear that the author expects a_variable to be a number related to the "id" field. However, if the end user supplies a string, the need for escape characters is bypassed. For example, setting a_variable to 1; DROP TABLE users will delete the "users" table from the database, turning the SQL statement into:

    SELECT * FROM DATA WHERE id = 1; DROP TABLE users;

3. Vulnerabilities in the database server
Sometimes vulnerabilities also exist in the database server software, such as the mysql_real_escape_string() function vulnerability in MySQL server. This kind of vulnerability allows an attacker to carry out a successful SQL injection attack based on an incorrect Unicode character encoding.

4.äĿSQL×¢Èëʽ¹¥»÷
µ±Ò»¸öWebÓ¦ÓóÌÐòÒ×ÓÚÔâÊܹ¥»÷¶øÆä½á¹û¶Ô¹¥»÷ÕßÈ´²»¼ûʱ£¬¾Í»á·¢ÉúËùνµÄäĿSQL×¢Èëʽ¹¥»÷¡£ÓЩ¶´µÄÍøÒ³¿ÉÄܲ¢²»»áÏÔʾÊý¾Ý£¬¶øÊǸù¾Ý×¢Èëµ½ºÏ·¨Óï¾äÖеÄÂß¼­Óï¾äµÄ½á¹ûÏÔʾ²»Í¬µÄÄÚÈÝ¡£ÕâÖÖ¹¥»÷Ï൱ºÄʱ£¬ÒòΪ±ØÐëΪÿһ¸ö»ñµÃµÄ×Ö½Ú¶ø¾«ÐĹ¹ÔìÒ»¸öеÄÓï¾ä¡£µ«ÊÇÒ»µ©Â©¶´µÄλÖúÍÄ¿±êÐÅÏ¢µÄλÖñ»È·Á¢ÒÔºó£¬Ò»ÖÖ³ÆΪAbsintheµÄ¹¤¾ß¾Í¿ÉÒÔʹÕâÖÖ¹¥»÷×Ô¶¯»¯¡£

5. Conditional responses
Note that there is a kind of SQL injection that forces the database to evaluate the value of a logical statement on an ordinary application screen:

    SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND 1=1

This produces the standard page, whereas the statement

    SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND 1=2

may give a different result when the page is vulnerable to SQL injection. An injection like this proves that blind SQL injection is possible, and lets the attacker design statements whose truth or falsity can be judged based on the content of some field in another table.

6. Conditional errors
If the WHERE clause is true, this type of blind SQL injection forces the database to evaluate a statement that causes an error, resulting in an SQL error. For example:

    SELECT 1/0 FROM users WHERE username='Ralph'

Obviously, if the user Ralph exists, the division by zero will cause an error.

7. Time delays
A time delay is a kind of blind SQL injection that, depending on the injected logic, causes the SQL engine to execute a long-running queue or a time-delay statement. The attacker can measure the page load time to determine whether the injected statement is true.

The above is only a rough classification of SQL attacks. Technically speaking, though, today's SQL injection attackers have become smarter and more thorough at finding vulnerable websites, and some new kinds of SQL attack techniques have appeared. Hackers can use various tools to speed up the exploitation process. Consider the Asprox Trojan, which spreads mainly through a spam-sending botnet. Its whole workflow can be described as follows: first, the Trojan is installed on a computer via spam sent from controlled hosts; then the infected computer downloads a piece of binary code which, when started, uses a search engine to find vulnerable websites whose forms are built with Microsoft's ASP technology. The search results become the target list for SQL injection attacks. Next, the Trojan launches SQL injection attacks against these sites, bringing some of them under control or damaging them. Users visiting these controlled and damaged sites are tricked into downloading a piece of malicious JavaScript code from another site. Finally, this code directs the user to a third site hosting more malware, such as password-stealing Trojans.

In the past, we often warned or advised web application programmers to test and patch their code, even though the chance of an SQL injection vulnerability being discovered and exploited was not very high. But recently attackers have increasingly been discovering and maliciously exploiting these vulnerabilities. Therefore, before deploying their software, developers should test their code more proactively and patch it immediately when new vulnerabilities appear.

Methods for defending against and checking for SQL injection
1. Use parameterized, filtering statements
To defend against SQL injection, user input must never be embedded directly into SQL statements. On the contrary, user input must be filtered, or parameterized statements must be used. Parameterized statements use parameters instead of embedding user input into the statement. In most cases the SQL statement is thereby fixed in place, and user input is then confined to a parameter. Here is an example using Java and the JDBC API:

    PreparedStatement prep = conn.prepareStatement("SELECT * FROM USERS WHERE PASSWORD=?");
    prep.setString(1, pwd);

Overall, there are two ways to ensure an application is not vulnerable to SQL injection: one is code review, the other is enforcing the use of parameterized statements. Enforcing parameterized statements means that SQL statements with embedded user input are rejected at runtime. However, not many products currently support this feature; the H2 database engine is one that does.

2. Also avoid using interpreters, because these are exactly the means hackers use to execute illegal commands.

3. To prevent SQL injection, also avoid showing detailed error messages, because hackers can make use of them. Use a standard input validation mechanism to verify the length, type, syntax, business rules and so on of all input data.

4. Use professional vulnerability scanning
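Added example, not part of the original post: detection logic for the injection probes described in sections 1 and 4 to 7 above (tautologies and 1=1 / 1=2 conditional responses, stacked statements, the 1/0 conditional error, and time-delay calls), run over a constructed set of web-server access-log lines. The signature list, the log entries and the parameter names are assumptions made for this example; a production rule set would be broader and tuned for false positives.

```python
import re
from urllib.parse import unquote_plus

# Signatures for the injection classes the post describes. Constructed for this
# example: each is a coarse pattern over the URL-decoded query string.
SIGNATURES = [
    # "... AND 1=1", "... AND 1=2", "... or 't'='t": a boolean condition appended
    # to the query, i.e. the conditional-response / tautology probes.
    ("conditional response",
     re.compile(r"\b(?:or|and)\s+'?\w+'?\s*=\s*'?\w+", re.IGNORECASE)),
    # "; DROP TABLE users": a second statement stacked behind the first.
    ("stacked statement",
     re.compile(r";\s*(?:drop|delete|update|insert|alter|create|exec)\b", re.IGNORECASE)),
    # "1/0": the division-by-zero conditional-error probe.
    ("conditional error",
     re.compile(r"\b1\s*/\s*0\b")),
    # Delay primitives of common engines (MySQL sleep/benchmark, PostgreSQL
    # pg_sleep, SQL Server waitfor): the time-delay probe.
    ("time delay",
     re.compile(r"\b(?:sleep|pg_sleep|benchmark|waitfor)\b", re.IGNORECASE)),
]

# The request line inside a common-log-format entry: method, path+query, protocol.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

# Constructed sample log. Lines 2-7 carry the post's own example payloads,
# URL-encoded as a browser or proxy would log them; lines 1 and 8 are benign.
SAMPLE_LOG = """\
10.0.0.5 - - [29/Aug/2008:14:21:10 +0800] "GET /book.asp?bookId=OOk14cd HTTP/1.1" 200 512
10.0.0.7 - - [29/Aug/2008:14:22:03 +0800] "GET /book.asp?bookId=OOk14cd'+AND+1%3D1 HTTP/1.1" 200 512
10.0.0.7 - - [29/Aug/2008:14:22:05 +0800] "GET /book.asp?bookId=OOk14cd'+AND+1%3D2 HTTP/1.1" 200 33
10.0.0.7 - - [29/Aug/2008:14:23:11 +0800] "GET /user.asp?name=a'+or+'t'%3D't HTTP/1.1" 200 9001
10.0.0.9 - - [29/Aug/2008:14:24:40 +0800] "GET /user.asp?name=a'%3B+DROP+TABLE+users HTTP/1.1" 500 120
10.0.0.9 - - [29/Aug/2008:14:25:02 +0800] "GET /user.asp?id=1/0 HTTP/1.1" 500 120
10.0.0.9 - - [29/Aug/2008:14:25:30 +0800] "GET /user.asp?id=1+AND+sleep(5) HTTP/1.1" 200 512
10.0.0.5 - - [29/Aug/2008:14:26:00 +0800] "GET /search.asp?q=salt+and+pepper HTTP/1.1" 200 2048
"""


def classify(query_string):
    """Return the names of every signature class that matches the decoded query string.

    Decoding first matters: the logged form is "%3D" and "+", which none of the
    patterns would match as written.
    """
    decoded = unquote_plus(query_string)
    return [name for name, pattern in SIGNATURES if pattern.search(decoded)]


def scan_log(text):
    """Return (line number, matched classes) for every request whose query string is flagged."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we understand
        query = match.group(1).partition("?")[2]  # empty string when there is no '?'
        hits = classify(query)
        if hits:
            findings.append((line_no, hits))
    return findings


if __name__ == "__main__":
    for line_no, hits in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {', '.join(hits)}")
```

Running it flags lines 2 to 7 of the sample, one class each, and leaves the two benign requests alone. The decoding step is the part practitioners most often get wrong: matching the raw log text instead of the decoded query string misses every encoded payload. Conversely, a match here is a reason to look at the request, not proof of an attack, so the categories are meant to feed a review queue rather than block traffic on their own.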

testdear posted on 2008-8-31 21:25:05

Not bad, solid. :)

jvyoujing posted on 2009-10-27 20:42:53

thanks

lanfish319 posted on 2010-3-9 11:40:36

Support, bumping this.

huilin.gao posted on 2010-3-9 17:00:37

Thank you so much

小鱼oO posted on 2010-3-27 22:33:01

Very good

msnshow posted on 2010-4-26 13:59:38

It feels like vulnerabilities of this kind are getting rarer these days

flaw0r posted on 2010-4-26 18:27:17

With PHP there is still a lot of SQL injection; in asp and asp.net it has become less common

51happy posted on 2010-5-7 00:11:15

Learned something new

jiachang posted on 2010-5-7 13:54:12

Good article

libertyer posted on 2010-5-11 17:46:36

Prevention measures:

1. Use a header file to filter key strings;
2. For numeric values, use a method to format them as numeric before querying; for character values, handle single quotes to prevent the quoting from being closed during assignment;
3. Use parameterized queries;
4. Use stored procedures;
Recommendations for using the above methods in different web programs:
asp/php: 1, 2 and 4 above all work; 2 and 4 are recommended
java/.net: strongly typed languages; all four above work; 2, 3 and 4 are recommended
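Added example, not code from the original post or from any commenter: it demonstrates the defensive measures described in the original post's section "Methods for defending against and checking for SQL injection" (parameterized statements) and in libertyer's items 2 and 3 above (coerce numeric input to a number, parameterize the query), using the post's own payloads against both the concatenated and the parameterized form. Python's sqlite3 module stands in for the JDBC PreparedStatement shown in the post; the table contents, column names and helper function names are assumptions made for this example.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database with the two tables the post mentions."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.execute("CREATE TABLE data (id INTEGER, name TEXT, payload TEXT)")
    conn.executemany("INSERT INTO data VALUES (?, ?, ?)",
                     [(1, "alice", "a-data"), (2, "bob", "b-data")])
    return conn


def lookup_user_vulnerable(conn, user_name):
    """String concatenation, as in the post's first example: the input becomes SQL syntax."""
    statement = "SELECT name FROM users WHERE name = '" + user_name + "'"
    return sorted(row[0] for row in conn.execute(statement))


def lookup_user_safe(conn, user_name):
    """Parameterized statement: the driver sends the value apart from the SQL text,
    so quotes and keywords inside it are just characters of a string literal."""
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (user_name,))
    return sorted(row[0] for row in rows)


def fetch_by_id_vulnerable(conn, a_variable):
    """Numeric field concatenated without a type check (the post's 'incorrect type handling')."""
    statement = "SELECT payload FROM data WHERE id = " + a_variable
    return sorted(row[0] for row in conn.execute(statement))


def fetch_by_id_safe(conn, a_variable):
    """Type enforcement plus a parameter: int() rejects anything that is not a whole number."""
    record_id = int(a_variable)  # raises ValueError for "1; DROP TABLE users"
    rows = conn.execute("SELECT payload FROM data WHERE id = ?", (record_id,))
    return sorted(row[0] for row in rows)


def id_accepted(conn, a_variable):
    """True if fetch_by_id_safe accepts the value, False if type enforcement rejected it."""
    try:
        fetch_by_id_safe(conn, a_variable)
    except ValueError:
        return False
    return True


def stacked_statement_rejected(conn, user_name):
    """True if the engine refused to run a stacked (multi-statement) query.

    sqlite3's execute() accepts one statement at a time, which matches the
    post's remark that some engines block injected stand-alone queries while
    still allowing the original query to be modified.
    """
    try:
        lookup_user_vulnerable(conn, user_name)
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False


def table_exists(conn, table):
    """Check the catalogue so the test can confirm nothing was dropped."""
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = ?",
        (table,),
    ).fetchone()
    return row[0] == 1


if __name__ == "__main__":
    conn = make_db()
    tautology = "a' or 't'='t"
    print("concatenated:", lookup_user_vulnerable(conn, tautology))  # every user
    print("parameterized:", lookup_user_safe(conn, tautology))       # no such user
    stacked = "a'; DROP TABLE users; SELECT * FROM data WHERE name LIKE '%"
    print("stacked statement rejected:", stacked_statement_rejected(conn, stacked),
          "| users table still present:", table_exists(conn, "users"))
    print("numeric input '1; DROP TABLE users' accepted:",
          id_accepted(conn, "1; DROP TABLE users"))
```

The two lookups differ only in where the user's value travels: inside the SQL text, or beside it as a bound parameter. With the tautology payload the concatenated query returns every user while the parameterized one returns nothing, because no user is literally named "a' or 't'='t". The numeric case shows why type enforcement is the right tool for a numeric column: a parameter alone would still accept the string, but int() refuses it before any SQL is built.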

yanguochun posted on 2010-5-12 09:25:19

Learned something new :)

xingvun posted on 2010-5-28 12:01:30

Skimmed through it and learned a lot. Bookmarked for now, will study it slowly.

xiaoyan2140 posted on 2010-6-21 23:22:45

Thx, hehe