Abstract
With the rapid development of computer technology, computer networks have become an important part of human society and have had a huge effect on social development. They use a variety of database technologies, which gives hackers an avenue of attack. This paper therefore analyzes the threats to computer network databases and their prevention.
Keywords: Database; SQL; Database Explosion
221008
,
SQL
SQL
SQL
1.1 SQL
WebCohort 92% 60%
SQL [1] IT Sophos
SQL Sophos 2009
SQL SQL
- 40 http://www.sjie.org/
1.1.1
SQL SQL
SQL
SQL
1.1.2
1. SQL
2.
3.
1.1.3
SQL
1.
SQL
statement := "SELECT * FROM data WHERE id = " + variable + ";"
variable id
SQL
2.
SQL
SQL
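// Column and table names come straight from the request and become part of the SQL text.
$SQL = "SELECT $_GET[column1], $_GET[column2], $_GET[column3] FROM $_GET[table]";
$result = mysql_query($SQL);
$rowcount = mysql_num_rows($result);
$row = 1;
while ($db_field = mysql_fetch_assoc($result))
{
    if ($row <= $rowcount)
    {
        // mysql_fetch_assoc() keys each row by column name, so print every field of the row.
        print implode(", ", $db_field) . "<BR>";
        $row++;
    }
}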
3.
||
.*/
SQL URL
Web Web SQL
SQL
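// The request value is placed into the WHERE clause without any check.
$SQL = "SELECT * FROM table WHERE field=$_GET[input]";
$result = mysql_query($SQL);
$rowcount = mysql_num_rows($result);
$row = 1;
while ($db_field = mysql_fetch_assoc($result))
{
    if ($row <= $rowcount)
    {
        // mysql_fetch_assoc() keys each row by column name, so print every field of the row.
        print implode(", ", $db_field) . "<BR>";
        $row++;
    }
}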
4.
[2]
URL
5.
SQL
// Requires: using System; using System.Data.OleDb;
private void SelectedIndexChanged(object sender, System.EventArgs e)
{
    // The selected list value is concatenated into the SQL text.
    string SQL;
    SQL = "SELECT * FROM table ";
    SQL += "WHERE ID='" + UserList.SelectedItem.Value + "'";
    OleDbConnection con = new OleDbConnection(connectionString);
    OleDbCommand cmd = new OleDbCommand(SQL, con);
    try
    {
        con.Open();
        OleDbDataReader reader = cmd.ExecuteReader();
        reader.Read();
        lblResults.Text = "<b>" + reader["LastName"];
        lblResults.Text += ", " + reader["FirstName"] + "</b><br>";
        lblResults.Text += "ID: " + reader["ID"] + "<br>";
        reader.Close();
    }
    catch (Exception err)
    {
        lblResults.Text = "Error getting data. ";
        lblResults.Text += err.Message;
    }
    finally
    {
        con.Close();
    }
}
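The queries above build their SQL text by concatenating request values. The following Python sketch is an added example, not code from the paper: it assumes the standard sqlite3 module as a stand-in database, a constructed `data` table, and hypothetical function names. It sets the concatenated query beside two hardened forms: a type check plus bound parameter for values, and an allow-list for column names.

```python
import sqlite3

ALLOWED_COLUMNS = {"id", "owner"}  # hypothetical allow-list; identifiers cannot be bound

def make_db():
    """Constructed sample data standing in for the `data` table in the text."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE data (id INTEGER PRIMARY KEY, owner TEXT, note TEXT)")
    con.executemany("INSERT INTO data VALUES (?, ?, ?)",
                    [(1, "alice", "a-note"), (2, "bob", "b-note"), (3, "carol", "c-note")])
    return con

def lookup_concatenated(con, variable):
    """Pattern from the text: the request value becomes part of the statement."""
    statement = "SELECT * FROM data WHERE id = " + variable + ";"
    return con.execute(statement).fetchall()

def lookup_bound(con, variable):
    """Hardened: check the type, then pass the value as a bound parameter."""
    try:
        row_id = int(variable, 10)
    except (TypeError, ValueError):
        return []  # not an integer: refuse instead of querying
    return con.execute("SELECT * FROM data WHERE id = ?", (row_id,)).fetchall()

def select_columns(con, columns):
    """Hardened column selection: only allow-listed names reach the SQL text."""
    rejected = [c for c in columns if c not in ALLOWED_COLUMNS]
    if rejected or not columns:
        raise ValueError("column not allowed: %r" % (rejected,))
    return con.execute("SELECT %s FROM data" % ", ".join(columns)).fetchall()

if __name__ == "__main__":
    con = make_db()
    crafted = "1 OR 1=1"  # constructed input that is not a plain integer
    print("concatenated:", lookup_concatenated(con, crafted))
    print("bound       :", lookup_bound(con, crafted))
    print("columns     :", select_columns(con, ["owner"]))
```

With the constructed input, the concatenated query returns every row of the table, while the bound version returns nothing because the value fails the integer check before any SQL runs.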
1.2
1.2.1
1.2.2
%5c conn.asp
1. %5c
%5c /%5c
asp?id=
%5c
%5cIISIIS
IIS%5c
5c
%5c/%5c/%5c
%5c
http://hxhack.com/soft/view.asp?id=58/%5c
http://hxhack.com/soft%5cview.asp?id=58
2. conn.asp
conn.asp conn.asp
conn.asp
conn.asp %5c %5c
conn.asp
%5c conn.asp
conn.asp conn.asp
1.3
(xp_cmdshell, OPENROWSET, LOAD_FILE, ActiveX, Java)
SQL
SQL
1.
URL
SQL SQL
SQL
2. #
# IE #
IE
IE %23 ##
#data.mdb %23data.mdb IE
#
3. ASP, ASA
MDB ASP ASA
ASP ASA
4.
MD5 =MD5MD5
5.
SQL
manage, admin
login.asp
6.
URL "and, or":;
exec, select, from, insert, delete, update, count, user, xp_cmdshell, add, net, drop, table, truncate
mid"% SQL
7.
RDBMS Oracle
8.
SQL SQL
SQL
SQL
SQL
REFERENCES
[1] WebCohort. WebCohort's application defense center reports results of vulnerability testing on Web applications [EB/OL]. 2004, 3(25). http://www.imperva.com/company/news/2004feb02.html
[2] . SQL . , 2010
[3] , , . [J]. , 2004
[4] , . SQL [J]. , 2008
[5] . SQL SERVER 2005[M]. , 2008
1986-
2010
Email: 105564738@qq.com