SQL Injection Attacks
● An application-layer attack
● An attack that is very difficult to defend against
● Operates the database directly from the application's user interface, in order to gain unauthorized access to sensitive data
[Figure: Web Server → Application Server → Database Server. Web page input passes an input-validation flaw, the injected SQL is executed, and the attacker gains access.]
A simple SQL injection example: the database table
create table Users(
    inner_id int not null unique identity(1, 1),
    userid   char(64) primary key,
    passwd   varchar(64),
    username varchar(128),
    gender   varchar(1) not null,
    email    varchar(64) not null,
    status   int not null default 0
)
A simple SQL injection example: the login page
[Screenshot: "JSP for login Form" opened in Internet Explorer (Local intranet, Protected Mode on, 100% zoom). The form has a userid field containing the input  ' or 1=1 or userid='  , an empty password field, and Submit and Cancel buttons.]
A simple SQL injection example: the code
public boolean validateLoginSQLInjection2(String userid, String password, String authcode) {
    // The HQL query text is built by string concatenation, so whatever the user
    // typed into the userid and password fields becomes part of the query itself.
    List<User> userlist = userDAO.getHibernateTemplate().find(
        "from User where userid = '" + userid + "' and password = '" + password + "'");
    try {
        // Any matching row is treated as a successful login.
        if (userlist.size() > 0) return true;
    } catch (Exception e) {
        return false;
    }
    return false;
}
A simple SQL injection example: initial data
insert into Users (userid, passwd, username, gender, email, status)
values ('weili', 'weili', 'han weili', 'M', 'wlhan@fudan.edu.cn', 0)
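To make the effect of the login code and the screenshot input concrete, the following added example (not part of the slides) recreates the Users table and the initial row in SQLite with Python, then runs the login check both the way the slide's validateLoginSQLInjection2 builds it (string concatenation) and with bound parameters. The schema is adapted from the slide's SQL Server DDL (identity(1, 1) becomes AUTOINCREMENT), and the SQL column passwd stands in for the HQL property password.

```python
import sqlite3

# Constructed from the slides: the Users table (adapted to SQLite) and its initial row.
SCHEMA = """
create table Users(
    inner_id integer primary key autoincrement,
    userid   char(64) not null unique,
    passwd   varchar(64),
    username varchar(128),
    gender   varchar(1) not null,
    email    varchar(64) not null,
    status   int not null default 0
)
"""
INITIAL_ROW = ("weili", "weili", "han weili", "M", "wlhan@fudan.edu.cn", 0)


def make_db():
    """In-memory database holding exactly the slide's one user."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.execute("insert into Users(userid, passwd, username, gender, email, status) "
                 "values (?, ?, ?, ?, ?, ?)", INITIAL_ROW)
    return conn


def validate_login_concat(conn, userid, password):
    """Mirrors validateLoginSQLInjection2: user input is pasted into the query text,
    so quote characters in the input change the query's structure."""
    query = ("select * from Users where userid = '" + userid +
             "' and passwd = '" + password + "'")
    return len(conn.execute(query).fetchall()) > 0


def validate_login_param(conn, userid, password):
    """Hardened form: the driver binds the values, so the input is only ever data."""
    rows = conn.execute("select * from Users where userid = ? and passwd = ?",
                        (userid, password)).fetchall()
    return len(rows) > 0


def compare_logins(userid, password):
    """Run both checks against a fresh database and report the two verdicts."""
    conn = make_db()
    return {"concat": validate_login_concat(conn, userid, password),
            "param": validate_login_param(conn, userid, password)}


if __name__ == "__main__":
    print(compare_logins("weili", "weili"))                 # both True
    print(compare_logins("' or 1=1 or userid='", "wrong"))  # concat True, param False
```

With the screenshot's userid input the concatenated WHERE clause becomes `userid = '' or 1=1 or userid='' and passwd = 'wrong'`, which is true for every row, so the concatenated check accepts the login with a wrong password while the parameterized one rejects it.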