fakhravari
چهارشنبه 27 مهر 1390, 04:25 صبح
با سلام
مراحل را به ترتیب اجرا کنید
ابتدا یک کلاس در پوشه App_Code ایجاد کرده به اسم
SampleSqlInjectionScreeningModule.cs
و متن زیر را کپی کنید درون کلاس
using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
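namespace Sample
{
    /// <summary>
    /// HTTP module that screens the query-string, form and cookie values of each request
    /// against a keyword blacklist and redirects to Error_Char.htm on the first match.
    /// </summary>
    /// <remarks>
    /// Keyword screening does not make string-concatenated SQL safe: input that contains
    /// none of the listed tokens can still change a concatenated query, and legitimate input
    /// is rejected (every e-mail address contains "@"; "friend" contains "end").
    /// Build every query with parameterized commands (e.g. SqlParameter) and treat this
    /// module, at most, as an extra layer. Only QueryString, Form and Cookies are inspected;
    /// request headers, the URL path and raw request bodies are not.
    /// </remarks>
    public class SampleSqlInjectionScreeningModuleCS : IHttpModule
    {
        /// <summary>Substrings that cause a value to be rejected; matched case-insensitively.</summary>
        public static string[] blackList =
        {
            "--", ";--", ";", "/*", "*/", "@@", "@",
            "char", "nchar", "varchar", "nvarchar",
            "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute",
            "fetch", "insert", "kill", "open",
            "select", "sys", "sysobjects", "syscolumns",
            "table", "update"
        };

        /// <summary>Nothing to release: the module holds no resources.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the screening handler to the application's BeginRequest event.</summary>
        /// <param name="app">The application instance the module is attached to.</param>
        public void Init(HttpApplication app)
        {
            app.BeginRequest += new EventHandler(app_BeginRequest);
        }

        /// <summary>Passes every query-string, form and cookie value of the request to CheckInput.</summary>
        void app_BeginRequest(object sender, EventArgs e)
        {
            // Direct cast: an unexpected sender fails with a clear InvalidCastException
            // instead of a NullReferenceException from an "as" cast.
            HttpRequest request = ((HttpApplication)sender).Context.Request;

            foreach (string key in request.QueryString)
            {
                CheckInput(request.QueryString[key]);
            }

            foreach (string key in request.Form)
            {
                CheckInput(request.Form[key]);
            }

            foreach (string key in request.Cookies)
            {
                HttpCookie cookie = request.Cookies[key];
                if (cookie != null)
                {
                    CheckInput(cookie.Value);
                }
            }
        }

        /// <summary>Redirects to Error_Char.htm when the value contains any blacklisted substring.</summary>
        /// <param name="parameter">A single request value; null or empty values are skipped.</param>
        private void CheckInput(string parameter)
        {
            // A missing value has nothing to screen; without this guard IndexOf would throw
            // a NullReferenceException and fail the whole request.
            if (string.IsNullOrEmpty(parameter))
            {
                return;
            }

            foreach (string token in blackList)
            {
                if (parameter.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // NOTE(review): the target is a relative URL, and the browser re-sends an
                    // offending cookie on the redirected request. Confirm Error_Char.htm is
                    // reachable from sub-folders and that this check does not also run for it.
                    HttpContext.Current.Response.Redirect("Error_Char.htm");
                    return; // one redirect is enough; do not test the remaining tokens
                }
            }
        }
    }
}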
بعد به فایل وب کانفیگ (web.config) برید و این کد را اضافه کنید:
<system.webServer>
<!-- <system.webServer>/<modules> is read by the IIS 7+ integrated pipeline. -->
<modules>
<!-- Registers the screening module under the name used in the class above.
     preCondition="managedHandler": the module runs only for requests served by a managed
     (ASP.NET) handler, so requests for static files are not screened by it. -->
<add name="SampleSqlInjectionScreeningModuleCS" type="Sample.SampleSqlInjectionScreeningModuleCS" preCondition="managedHandler"/>
</modules>
</system.webServer>
__________________________________________________ ___________
در قسمت Global.asax می‌توانید کد زیر را قرار دهید:
<%@ Import namespace="System.Globalization" %>
<script runat="server">
// Substrings that cause a request value to be rejected; CheckInput matches them
// anywhere inside the value, ignoring case.
public static string[] blackList =
{
    // comment markers, statement separator and variable prefixes
    "--", ";--", ";", "/*", "*/", "@@", "@",
    // character type names
    "char", "nchar", "varchar", "nvarchar",
    // statement keywords
    "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute",
    "fetch", "insert", "kill", "open",
    // query keyword and system object names
    "select", "sys", "sysobjects", "syscolumns",
    "table", "update"
};
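// Redirects to Error_Char.htm when the value contains any entry of blackList
// (invariant-culture comparison, ignoring case). Null or empty values are skipped.
//
// Keyword screening does not make string-concatenated SQL safe: input that contains none
// of the listed tokens can still change a concatenated query, and legitimate input is
// rejected (every e-mail address contains "@"). Use parameterized commands for every query.
private void CheckInput(string parameter)
{
    // Without this guard CompareInfo.IndexOf throws ArgumentNullException on a null value
    // and the whole request fails.
    if (string.IsNullOrEmpty(parameter))
    {
        return;
    }

    CompareInfo comparer = CultureInfo.InvariantCulture.CompareInfo;
    foreach (string token in blackList)
    {
        if (comparer.IndexOf(parameter, token, CompareOptions.IgnoreCase) >= 0)
        {
            // NOTE(review): relative target, and the browser re-sends an offending cookie on
            // the redirected request. Confirm this check does not also run for Error_Char.htm.
            Response.Redirect("Error_Char.htm");
            return; // one redirect is enough; do not test the remaining tokens
        }
    }
}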
// BeginRequest handler: hands every query-string, form and cookie value of the
// current request to CheckInput. Headers, the URL path and raw bodies are not inspected.
void Application_BeginRequest(object sender, EventArgs e)
{
    var query = Request.QueryString;
    foreach (string name in query)
    {
        CheckInput(query[name]);
    }

    var form = Request.Form;
    foreach (string name in form)
    {
        CheckInput(form[name]);
    }

    var cookies = Request.Cookies;
    foreach (string name in cookies)
    {
        CheckInput(cookies[name].Value);
    }
}
</script>
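خوب، تمام شد. حالا اگر درون هر ورودی یکی از مقدارهای بالا باشد، صفحهٔ Error_Char.htm ظاهر میشه. توجه: این فیلتر جایگزین کوئری‌های پارامتری (SqlParameter) نیست و فقط یک لایهٔ کمکی است.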
منبع
http://forums.asp.net/t/1254125.aspx
__________________________________________________ ___________________
دوستان اگه کد بهتری دارن بزار :قلب:
مراحل را به ترتیب اجرا کنید
ابتدا یک کلاس در پوشه App_Code ایجاد کرده به اسم
SampleSqlInjectionScreeningModule.cs
و متن زیر را کپی کنید درون کلاس
using System;
using System.Data;
using System.Configuration;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
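namespace Sample
{
    /// <summary>
    /// HTTP module that screens the query-string, form and cookie values of each request
    /// against a keyword blacklist and redirects to Error_Char.htm on the first match.
    /// </summary>
    /// <remarks>
    /// Keyword screening does not make string-concatenated SQL safe: input that contains
    /// none of the listed tokens can still change a concatenated query, and legitimate input
    /// is rejected (every e-mail address contains "@"; "friend" contains "end").
    /// Build every query with parameterized commands (e.g. SqlParameter) and treat this
    /// module, at most, as an extra layer. Only QueryString, Form and Cookies are inspected;
    /// request headers, the URL path and raw request bodies are not.
    /// </remarks>
    public class SampleSqlInjectionScreeningModuleCS : IHttpModule
    {
        /// <summary>Substrings that cause a value to be rejected; matched case-insensitively.</summary>
        public static string[] blackList =
        {
            "--", ";--", ";", "/*", "*/", "@@", "@",
            "char", "nchar", "varchar", "nvarchar",
            "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute",
            "fetch", "insert", "kill", "open",
            "select", "sys", "sysobjects", "syscolumns",
            "table", "update"
        };

        /// <summary>Nothing to release: the module holds no resources.</summary>
        public void Dispose()
        {
        }

        /// <summary>Subscribes the screening handler to the application's BeginRequest event.</summary>
        /// <param name="app">The application instance the module is attached to.</param>
        public void Init(HttpApplication app)
        {
            app.BeginRequest += new EventHandler(app_BeginRequest);
        }

        /// <summary>Passes every query-string, form and cookie value of the request to CheckInput.</summary>
        void app_BeginRequest(object sender, EventArgs e)
        {
            // Direct cast: an unexpected sender fails with a clear InvalidCastException
            // instead of a NullReferenceException from an "as" cast.
            HttpRequest request = ((HttpApplication)sender).Context.Request;

            foreach (string key in request.QueryString)
            {
                CheckInput(request.QueryString[key]);
            }

            foreach (string key in request.Form)
            {
                CheckInput(request.Form[key]);
            }

            foreach (string key in request.Cookies)
            {
                HttpCookie cookie = request.Cookies[key];
                if (cookie != null)
                {
                    CheckInput(cookie.Value);
                }
            }
        }

        /// <summary>Redirects to Error_Char.htm when the value contains any blacklisted substring.</summary>
        /// <param name="parameter">A single request value; null or empty values are skipped.</param>
        private void CheckInput(string parameter)
        {
            // A missing value has nothing to screen; without this guard IndexOf would throw
            // a NullReferenceException and fail the whole request.
            if (string.IsNullOrEmpty(parameter))
            {
                return;
            }

            foreach (string token in blackList)
            {
                if (parameter.IndexOf(token, StringComparison.OrdinalIgnoreCase) >= 0)
                {
                    // NOTE(review): the target is a relative URL, and the browser re-sends an
                    // offending cookie on the redirected request. Confirm Error_Char.htm is
                    // reachable from sub-folders and that this check does not also run for it.
                    HttpContext.Current.Response.Redirect("Error_Char.htm");
                    return; // one redirect is enough; do not test the remaining tokens
                }
            }
        }
    }
}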
بعد به فایل وب کانفیگ (web.config) برید و این کد را اضافه کنید:
<system.webServer>
<!-- <system.webServer>/<modules> is read by the IIS 7+ integrated pipeline. -->
<modules>
<!-- Registers the screening module under the name used in the class above.
     preCondition="managedHandler": the module runs only for requests served by a managed
     (ASP.NET) handler, so requests for static files are not screened by it. -->
<add name="SampleSqlInjectionScreeningModuleCS" type="Sample.SampleSqlInjectionScreeningModuleCS" preCondition="managedHandler"/>
</modules>
</system.webServer>
__________________________________________________ ___________
در قسمت Global.asax می‌توانید کد زیر را قرار دهید:
<%@ Import namespace="System.Globalization" %>
<script runat="server">
// Substrings that cause a request value to be rejected; CheckInput matches them
// anywhere inside the value, ignoring case.
public static string[] blackList =
{
    // comment markers, statement separator and variable prefixes
    "--", ";--", ";", "/*", "*/", "@@", "@",
    // character type names
    "char", "nchar", "varchar", "nvarchar",
    // statement keywords
    "alter", "begin", "cast", "create", "cursor", "declare", "delete", "drop", "end", "exec", "execute",
    "fetch", "insert", "kill", "open",
    // query keyword and system object names
    "select", "sys", "sysobjects", "syscolumns",
    "table", "update"
};
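// Redirects to Error_Char.htm when the value contains any entry of blackList
// (invariant-culture comparison, ignoring case). Null or empty values are skipped.
//
// Keyword screening does not make string-concatenated SQL safe: input that contains none
// of the listed tokens can still change a concatenated query, and legitimate input is
// rejected (every e-mail address contains "@"). Use parameterized commands for every query.
private void CheckInput(string parameter)
{
    // Without this guard CompareInfo.IndexOf throws ArgumentNullException on a null value
    // and the whole request fails.
    if (string.IsNullOrEmpty(parameter))
    {
        return;
    }

    CompareInfo comparer = CultureInfo.InvariantCulture.CompareInfo;
    foreach (string token in blackList)
    {
        if (comparer.IndexOf(parameter, token, CompareOptions.IgnoreCase) >= 0)
        {
            // NOTE(review): relative target, and the browser re-sends an offending cookie on
            // the redirected request. Confirm this check does not also run for Error_Char.htm.
            Response.Redirect("Error_Char.htm");
            return; // one redirect is enough; do not test the remaining tokens
        }
    }
}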
// BeginRequest handler: hands every query-string, form and cookie value of the
// current request to CheckInput. Headers, the URL path and raw bodies are not inspected.
void Application_BeginRequest(object sender, EventArgs e)
{
    var query = Request.QueryString;
    foreach (string name in query)
    {
        CheckInput(query[name]);
    }

    var form = Request.Form;
    foreach (string name in form)
    {
        CheckInput(form[name]);
    }

    var cookies = Request.Cookies;
    foreach (string name in cookies)
    {
        CheckInput(cookies[name].Value);
    }
}
</script>
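خوب، تمام شد. حالا اگر درون هر ورودی یکی از مقدارهای بالا باشد، صفحهٔ Error_Char.htm ظاهر میشه. توجه: این فیلتر جایگزین کوئری‌های پارامتری (SqlParameter) نیست و فقط یک لایهٔ کمکی است.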
منبع
http://forums.asp.net/t/1254125.aspx
__________________________________________________ ___________________
دوستان اگه کد بهتری دارن بزار :قلب: