Checking whether a column of a database table contains injected script

xiaoxiao 2022-06-16 37

When I went online this morning I found that the company website had been injected again. Very frustrating; I restored it right away!!! Still, thanks to this injection I learned how to do a simple analysis of the IIS logs, heh. It turns out all you need is Ctrl+F for the string "20%", and I found the following:

[quote]
/forum/show.aspx titleid=318&caid=20 And Cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1 80 - 117.32.250.106 Mozilla/4.0 302 0 0
[/quote]

Heh, so the show.aspx page was not validating its input at all; I patched that straight away... Then I wrote a .NET page that checks whether the contents of the columns of the tables in the database contain injected script. Looks like I'll have to run this page once a day from now on!!!

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.IO;
using System.Data;

public partial class niunantest : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        // Get all user tables in the database
        string sql_tbName = "SELECT name FROM sysobjects " +
            "WHERE xtype = 'U' AND OBJECTPROPERTY (id, 'IsMSShipped') = 0 " +
            "order by name";
        // myClass.myDataGet is the site's own data-access helper (not shown in the post)
        DataTable dt_tbName = myClass.myDataGet.getTable(sql_tbName);
        foreach (DataRow row in dt_tbName.Rows)
        {
            string tbName = row["name"].ToString();
            // Get all columns of this table (the table name comes from the catalogue, not from user input)
            string sql_tbColName = "select column_name,data_type from information_schema.columns " +
                "where table_name ='" + tbName + "' ";
            DataTable dt_tbColName = myClass.myDataGet.getTable(sql_tbColName);
            foreach (DataRow row2 in dt_tbColName.Rows)
            {
                string tbColName = row2["column_name"].ToString();
                string tbColType = row2["data_type"].ToString();
                // Only character columns can hold a script tag
                if (tbColType == "char" || tbColType == "nchar" || tbColType == "varchar" ||
                    tbColType == "nvarchar" || tbColType == "text")
                {
                    // Check whether this column of this table contains a script tag.
                    // Identifiers are wrapped in [ ]; a name containing ']' would need it doubled.
                    string sql_count = "select COUNT(*) from [" + tbName + "] where [" + tbColName + "] like '%<script%' ";
                    int count = int.Parse(myClass.myDataGet.getDataScalar(sql_count).ToString());
                    if (count > 0)
                    {
                        Response.Write(tbName + " 表中的 " + tbColName + " 字段含有脚本!<br>SQL语句:<span style='color:blue;'>" + HttpUtility.HtmlEncode(sql_count) + "</span><br><br>");
                    }
                }
            }
        }
    }
}
```

Recording the code here for future use! A few days ago I applied to have an e-book made; last time they messaged me saying it was done, but the file I downloaded was 0 KB, no idea what's going on!!!
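Both steps of the post (grep the IIS log for injection attempts, then walk every text column of every table looking for a stored `<script` tag) as one added example in Python. This is not the post's code: the log scanner parses W3C-format lines by their `#Fields:` header and decodes the query string before matching a small set of T-SQL indicator patterns, and the database scanner uses SQLite from the standard library as a stand-in for the SQL Server catalogue views (`sqlite_master` and `PRAGMA table_info` play the role of `sysobjects` and `information_schema.columns`). The log lines, table layout and rows are constructed for the example; the indicator patterns are assumptions, not an exhaustive signature set.

```python
"""Added example (not the post's code): IIS log triage plus a stored-script scan
of every text column. SQLite stands in for SQL Server; all data is constructed."""
import re
import sqlite3
from urllib.parse import unquote_plus

# T-SQL fragments that never belong in a numeric/identifier query parameter.
# Constructed for this example; tune to the application's real parameters.
SQLI_PATTERNS = [
    re.compile(r"\bcast\s*\(", re.I),
    re.compile(r"\bis_srvrolemember\s*\(", re.I),
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    re.compile(r"\b(declare|exec|waitfor)\b", re.I),
]

# Constructed W3C extended log lines (c-ip uses the 192.0.2.0/24 documentation range).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 6.0",
    "#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username "
    "c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status",
    "2022-06-16 08:01:02 10.0.0.5 GET /forum/show.aspx titleid=318&caid=20 80 - "
    "192.0.2.10 Mozilla/4.0 200 0 0",
    "2022-06-16 08:01:09 10.0.0.5 GET /forum/show.aspx titleid=318&caid=20%20And%20Cast("
    "IS_SRVROLEMEMBER(0x73)%20as%20varchar(1))%2Bchar(124)=1 80 - 192.0.2.10 Mozilla/4.0 302 0 0",
    "2022-06-16 08:02:00 10.0.0.5 GET /index.aspx - 80 - 192.0.2.20 Mozilla/5.0 200 0 0",
]


def parse_w3c(lines):
    """Yield one dict per record, mapping the names from the #Fields: header to values."""
    fields = None
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed record: skip rather than misalign the columns
        yield dict(zip(fields, values))


def scan_iis_log(lines):
    """Return (c-ip, cs-uri-stem, decoded query, pattern) for every suspicious request."""
    hits = []
    for rec in parse_w3c(lines):
        query = unquote_plus(rec.get("cs-uri-query", "-"))  # %20 -> space, %2B -> '+'
        for pat in SQLI_PATTERNS:
            if pat.search(query):
                hits.append((rec.get("c-ip"), rec.get("cs-uri-stem"), query, pat.pattern))
                break
    return hits


# Column types that can hold script text (SQL Server names plus SQLite's CLOB).
TEXT_TYPES = {"char", "nchar", "varchar", "nvarchar", "text", "ntext", "clob"}


def quote_ident(name):
    """Quote a catalogue identifier so an odd table/column name cannot break the SQL."""
    return '"' + name.replace('"', '""') + '"'


def scan_db_for_script(conn, needle="<script"):
    """Mirror the post's approach: for every user table, count rows whose text
    columns contain the needle. Returns [(table, column, row_count), ...]."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' "
        "AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    for table in tables:
        qt = quote_ident(table)
        for _cid, column, ctype, *_rest in conn.execute(f"PRAGMA table_info({qt})"):
            base = ctype.split("(")[0].strip().lower()  # 'VARCHAR(200)' -> 'varchar'
            if base not in TEXT_TYPES:
                continue
            # SQLite LIKE is case-insensitive for ASCII, so '<SCRIPT' is caught too.
            count = conn.execute(
                f"SELECT COUNT(*) FROM {qt} WHERE {quote_ident(column)} LIKE ?",
                (f"%{needle}%",)).fetchone()[0]
            if count:
                hits.append((table, column, count))
    return hits


def demo_db():
    """Constructed in-memory database with one stored-script row per text column of posts."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, name NVARCHAR(50), age INTEGER);
        INSERT INTO posts VALUES (1, 'hello', 'plain text');
        INSERT INTO posts VALUES (2, 'tampered', 'x<script>alert(1)</script>');
        INSERT INTO posts VALUES (3, '<SCRIPT>alert(1)</SCRIPT>', 'y');
        INSERT INTO users VALUES (1, 'alice', 30);
    """)
    return conn


if __name__ == "__main__":
    for hit in scan_iis_log(SAMPLE_LOG):
        print("log:", hit)
    for hit in scan_db_for_script(demo_db()):
        print("db:", hit)
```

The log scanner decodes the query before matching, because in a real IIS log the spaces the post found appear as `%20`; matching on the raw field would miss a probe that encodes its keywords. The database scanner passes the needle as a bound parameter and quotes catalogue identifiers, which keeps the scan itself from being a second injection point.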
Please credit the original source when reposting: https://www.6miu.com/read-4940922.html
