asp aspx 注入练习代码


 ASP:

 
<% 
' Database bootstrap for the SQL-injection practice page: selects a backend,
' builds an ADO connection string and opens the connection object "conn".
' NOTE(review): the page using this connection is deliberately injectable; host it
' only on an isolated lab machine, never on a network-reachable server.
Dim Db,MyDbPath
dim conn
'Optional setting 1:========================Database type: 1 = SQL Server, 0 = Access=============================
Const IsSqlDataBase =0
MyDbPath = ""
'================================================================================================================
If IsSqlDataBase = 1 Then
'Required setting 2:========================SQL Server settings==================================================
'SQL Server connection parameters: database name (SqlDatabaseName), password (SqlPassword), user name (SqlUsername),
'server name (SqlLocalName) (use local for a local server, the IP address for a remote one)
' NOTE(review): the sample values are the "sa" login with an empty password. If the SQL Server
' branch is ever enabled, use a dedicated low-privilege login with a real password instead.
Const SqlDatabaseName = "dvbbs"
Const SqlPassword = ""
Const SqlUsername = "sa"
Const SqlLocalName = "localhost"
'================================================================================================================
Else
'Required setting 3:========================Access settings======================================================
'Free users: on first use, change the database path here and rename the database file in the data directory to match, e.g. rename dvbbs6.mdb to dvbbs6.asp
' NOTE(review): renaming the file only hides it; a database file kept under the web root may still
' be retrievable over HTTP. Storing it outside the served directory is the safer layout.
Db = "z.mdb"
'================================================================================================================
End If
 
Dim ConnStr
If IsSqlDataBase = 1 Then
' SQL Server via the SQLOLEDB provider, assembled from the constants above.
ConnStr = "Provider = Sqloledb; User ID = " & SqlUsername & "; Password = " & SqlPassword & "; Initial Catalog = " & SqlDatabaseName & "; Data Source = " & SqlLocalName & ";"
Else
' Access via Jet; Server.MapPath turns the path relative to this page into a physical path.
ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(MyDbPath & db)
End If
' The connection is opened here and is not closed anywhere in this snippet.
Set conn = Server.CreateObject("ADODB.Connection")
conn.open ConnStr
 
'-----------------------------------------------------------------------------------------------------
 
%>
 
 
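<%
' Fetch one dv_help row selected by the "id" request parameter (default 1).
'
' DELIBERATELY VULNERABLE: this page is an SQL-injection exercise, so the request value
' is concatenated into the statement unchanged and the concatenation is kept on purpose.
' Outside a lab, reject anything that is not an integer (IsNumeric, then CLng) or bind
' the value through an ADODB.Command parameter instead of building the SQL text.
lg_id = Request("id")
If Request("id") = "" Then
    ' No id supplied: fall back to the default entry.
    lg_id = 1
End If
' Submitted variable. VBScript comments start with an apostrophe; a "//" line is a syntax error.
' One Execute call serves both the default and the submitted id.
Set rs = conn.Execute("Select * From dv_help Where h_id=" & lg_id)
%>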
<div align="center">
<p> </p>
<p>SQL Injection</p>
<p>数据库可自带,替换表名。</p>
<p>提交参数为a.asp?id=1</p>
<p>id默认为1</p>
</div>
<div align="center">
<table width="754" height="259" border="1">
<tr>
<td width="744" bgcolor="#CCCCCC"><%=rs("h_content")%></td>
</tr>
</table>
</div>
================================================================================
ASPX:
 
<%@ Page language="c#" validateRequest=false %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
<HEAD>
<script language="C#" runat="server">
 
 
// Connection used by OpenConn/CloseConn; assigned in SqlinCode from GetConn().
private System.Data.IDbConnection m_Connection = null;
// Command object that executes the text held in strSql.
private System.Data.IDbCommand m_Command = null;
// Raw "id" request value; Page_Load substitutes "3" when it is missing or empty.
private string h_id = null;
// Complete SQL statement, assembled in Page_Load by string concatenation.
private string strSql = null;
 
/// <summary>
/// Load handler: shows the exercise instructions, reads the "id" request value
/// (defaulting to "3"), builds the SQL text and runs it through SqlinCode.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void Page_Load(object sender, System.EventArgs e)
{
    // Setup instructions displayed at the top of the practice page.
    string banner = "sql注入练习\n";
    banner += "请把动网论坛access数据库文件改名为‘z.mdb’,放在本文件同一目录下\n";
    banner += "然后设置目录为web共享目录。";
    this.Lb_title.Text = banner;

    // Request.Params merges query string, form, cookies and server variables,
    // so "id" can arrive through any of them.
    string requested = Request.Params["id"];
    bool missing = requested == null || requested.Length == 0;
    this.h_id = missing ? "3" : requested;

    // DELIBERATELY VULNERABLE: the request value is concatenated into the SQL text;
    // that is the subject of this exercise. Production code would keep the statement
    // constant ("... Where h_id = ?") and bind the value as an OleDbParameter after
    // checking that it parses as an integer.
    this.strSql = "Select * From dv_help Where h_id = " + this.h_id + " ";
    this.SqlinCode();
}
/// <summary>
/// Returns the database connection: the one already stored in m_Connection when
/// there is one, otherwise a new Jet/OLE DB connection to z.mdb next to this page.
/// The new connection is not stored here; the caller assigns it.
/// </summary>
/// <returns>An OleDbConnection; this method does not open it.</returns>
private System.Data.OleDb.OleDbConnection GetConn()
{
    if (this.m_Connection == null)
    {
        // The database file is resolved relative to this page, i.e. inside the web-served directory.
        string databaseFile = Server.MapPath("z.mdb");
        return new System.Data.OleDb.OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" + databaseFile);
    }

    return (System.Data.OleDb.OleDbConnection)this.m_Connection;
}
/// <summary>
/// Opens the stored database connection.
/// </summary>
/// <returns>false when no connection has been assigned; true after Open() returns.</returns>
private bool OpenConn()
{
    bool hasConnection = this.m_Connection != null;
    if (hasConnection)
    {
        this.m_Connection.Open();
    }
    return hasConnection;
}
/// <summary>
/// Closes the stored database connection.
/// </summary>
/// <returns>false when no connection has been assigned; true after Close() returns.</returns>
private bool CloseConn()
{
    bool hasConnection = this.m_Connection != null;
    if (hasConnection)
    {
        this.m_Connection.Close();
    }
    return hasConnection;
}
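/// <summary>
/// The intentionally injectable query method of this exercise: executes the text in
/// strSql and shows column 3 of the first returned row in Lb_show.
/// </summary>
/// <remarks>
/// Provider exceptions still propagate to the page as before. The reader and the
/// connection are now released on that path too, so a failing statement no longer
/// leaves the Jet connection open.
/// </remarks>
private void SqlinCode()
{
    this.m_Connection = GetConn();
    this.m_Command = new System.Data.OleDb.OleDbCommand();
    this.m_Command.Connection = this.m_Connection;

    // DELIBERATELY VULNERABLE: strSql already contains the raw request value (see Page_Load).
    // A hardened version would use constant text with a "?" placeholder and add the
    // value through m_Command.Parameters.
    this.m_Command.CommandText = this.strSql;

    System.Data.OleDb.OleDbDataReader dataReader = null;
    try
    {
        this.OpenConn();
        dataReader = (System.Data.OleDb.OleDbDataReader)this.m_Command.ExecuteReader();
        if (dataReader.Read())
        {
            // Column index 3 is presumably h_content (the ASP variant reads that column by
            // name); verify against the table. Label.Text is rendered without HTML encoding;
            // outside a lab, pass the value through Server.HtmlEncode first.
            this.Lb_show.Text = dataReader.GetValue(3).ToString();
        }
    }
    finally
    {
        // Runs on success and on failure.
        if (dataReader != null)
        {
            dataReader.Close();
        }
        this.CloseConn();
    }
}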
 
#region Web 窗体设计器生成的代码
/// <summary>
/// Wires up the designer-generated event handlers, then continues normal page initialisation.
/// </summary>
/// <param name="e">Event data passed on to the base implementation.</param>
protected override void OnInit(EventArgs e)
{
    // CODEGEN: this call is required by the ASP.NET Web Forms designer.
    this.InitializeComponent();
    base.OnInit(e);
}
 
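/// <summary>
/// Required method for designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
    // The opening brace of this method was missing from the listing, so the script block could not compile.
    // NOTE(review): the @ Page directive does not set AutoEventWireup="false", so Page_Load may
    // also be auto-wired and run twice per request - confirm.
    this.Load += new System.EventHandler(this.Page_Load);
}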
#endregion
</script>
<title>sqlin</title>
<meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
<meta name="CODE_LANGUAGE" Content="C#">
<meta name="vs_defaultClientScript" content="JavaScript">
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5">
</HEAD>
<body MS_POSITIONING="GridLayout">
<form id="Form1" method="post" runat="server">
<FONT face="宋体">
<asp:Label id="Lb_show" style="Z-INDEX: 101; LEFT: 64px; POSITION: absolute; TOP: 120px" runat="server"
Width="536px" Height="344px"></asp:Label>
<asp:Label id="Lb_title" style="Z-INDEX: 102; LEFT: 64px; POSITION: absolute; TOP: 16px" runat="server"
Width="248px" Height="72px">下面显示数据库内容:</asp:Label></FONT>
</form>
</body>
</HTML>