Sql server 怪异的桌子';SQL server中的s数据
我的数据库中有一个名为Sql server 怪异的桌子';SQL server中的s数据,sql-server,sql-injection,Sql Server,Sql Injection,我的数据库中有一个名为notifications的表,每当我的应用程序中的其他用户发出通知时,数据就会插入到这个表中。该表的架构如下所示: CREATE TABLE [dbo].[notifications]( [id] [int] IDENTITY(1,1) NOT NULL, [sender] [char](17) NULL, [reciever] [char](17) NULL, [letter_code] [char](15) NULL, [txt
notificationsCREATE TABLE [dbo].[notifications](
[id] [int] IDENTITY(1,1) NOT NULL,
[sender] [char](17) NULL,
[reciever] [char](17) NULL,
[letter_code] [char](15) NULL,
[txt] [nvarchar](max) NULL,
[dateandtime] [datetime2](7) NULL,
[letter_kind] [nvarchar](50) NULL,
[seen] [bit] NULL,
CONSTRAINT [PK_notifications] PRIMARY KEY CLUSTERED
(
[id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
id || sender || reciever || letter_code || txt || dateandtime || letter_kind || seen
============================================================================================================
1 || 2 || 2 || 1734 || message || 2015-10-12 09:59:01 || PS || flase
CREATE TABLE [dbo].[notifications](
[id] [int] IDENTITY(1,1) NOT NULL,
[sender] [char](17) NULL,
[reciever] [char](17) NULL,
[letter_code] [char](15) NULL,
[txt] [nvarchar](max) NULL,
[dateandtime] [datetime2](7) NULL,
[letter_kind] [nvarchar](50) NULL,
[seen] [bit] NULL,
CONSTRAINT [PK_notifications] PRIMARY KEY CLUSTERED
(
[id] ASC
)WITH (PAD_INDEX = OFF, STATISTICS_NORECOMPUTE = OFF, IGNORE_DUP_KEY = OFF, ALLOW_ROW_LOCKS = ON, ALLOW_PAGE_LOCKS = ON) ON [PRIMARY]
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
id || sender || reciever || letter_code || txt || dateandtime || letter_kind || seen
============================================================================================================
1 || 2 || 2 || 1734 || message || 2015-10-12 09:59:01 || PS || flase
通知txt1<div style="display:none">looking to cheat <a href="http://blog.perecruit.com/template/page/reason-women-cheat.aspx">go</a> how many men have affairs</div>
InsTotNotification [Invoke]
public string InsTotNotification(string sender, string reciever,string letter_code,string Txt,DateTime dateandtime,string Letter_kind)
{
var MQuery = ObjectContext.InsTo_Notification(sender, reciever, letter_code, Txt, dateandtime, Letter_kind).FirstOrDefault();
return "Ok";
}
SET ANSI_NULLS OFF
GO
SET QUOTED_IDENTIFIER OFF
GO
ALTER PROCEDURE [dbo].[InsTo_Notification]
@Sender char(17),
@Reciever char(17),
@Letter_code char(15),
@Txt nvarchar(MAX),
@DateandTime datetime2,
@Letter_kind nvarchar(50)
AS
BEGIN TRANSACTION InsertNotifications
Declare @T1 int
INSERT notifications (sender, reciever, letter_code, txt, dateandtime, letter_kind)
values (@Sender, @Reciever, @Letter_code, @Txt, @DateandTime,@Letter_kind)
SELECT @T1=@@ERROR
--------------------------
if (@T1=0)
BEGIN
COMMIT TRANSACTION InsertNotifications
SELECT @Letter_code as LetterNo
END
ELSE
BEGIN
ROLLBACK TRANSACTION InsertNotifications
SELECT 'NO' as 'It has Problem'
END
请注意,所选行中的文本
PS\15768\15758\160711968\15768\1607; 15755\15755\1580\15753\15753\15753\15835\1607; \1583; \1583; \1583; \code>是txt
字段的实际值。。。。
这是来自Web应用程序还是Web可以实现的东西,对吗?
您的存储过程在没有正确验证的情况下接受任何字符输入。
尝试检查参数是否包含“”、保留的SQL Server术语/语句或其他不需要的字符。为什么大多数数据类型都是char或varchar,而您只有1个?这可能是代码中某个地方的问题,而不是SQL Server。若只存储数字,则不应使用字符类型。如果您尝试插入文本,它们不会失败。看起来有人用恶意HTML填充表单的隐藏部分。请检查是否只有您可以写入这些列的变量。我无法确切地看到,您的代码的哪一部分负责写入txt
字段内容。显然一些SQL注入是可能的。同样的问题在这里-txt
字段如何包含值1
?必须有另一个允许更新此字段的代码路径。或者有一些SQL攻击,攻击者只能更新txt
字段,但新记录应该包含正确的文本。如果新记录也包含1
,则可以使用SQL探查器(打开sp语句日志记录)查找错误的代码。可能来自同一服务器上的另一个数据库。