我正在用 C# 开发一个应用程序,它有一些复选框。基本上,用户列表显示在屏幕上,每个用户名旁边的复选框用于指示是否要为该用户执行操作。
protected void btnMoveToAssigned_Click(Object sender, EventArgs e)
{
List<int> idsToAssign = new List<int>();
foreach (GridViewRow row in gvUnassigned.Rows)
{
if (row.RowType == DataControlRowType.DataRow)
{
CheckBox checkbox = row.FindControl("cbToAssign") as CheckBox;
if (checkbox.Checked)
{
int id;
if (Int32.TryParse(gvUnassigned.DataKeys[row.RowIndex].Value.ToString(), out id))
{
idsToAssign.Add(id);
}
}
}
}
我构建了一个 userId 列表,并将其传递给此方法:
public static bool AddApplicationCommandUsers(ORMPortalDataContext dc, ApplicationCommand applicationCOmmand, List<int> userIds)
{
List<security_command_xref_Linq> userApplicationCommandList = new List<security_command_xref_Linq>();
foreach (int userId in userIds)
{
security_command_xref_Linq scxL = new security_command_xref_Linq();
scxL.userID = userId;
scxL.command = applicationCOmmand.CommandAbbr;
// scxL.Creator = ApplicationUser.GetCurrentUser().Id;
// scxL.Created = DateTime.Now;
userApplicationCommandList.Add(scxL);
}
dc.security_command_xref_Linqs.InsertAllOnSubmit(userApplicationCommandList);
try
{
dc.SubmitChanges();
return true;
}
我用 Burp Suite 扫描了它,它给了我这些结果:
The ctl00%24MainContent%24ctrlManageCommandUsers%24ctrlApplicationCommandUsersAssignment%24gvUnassigned%24ctl32%24cbToAssign parameter appears to be vulnerable to SQL injection attacks. The payload ,(select * from (select(sleep(20)))a) was submitted in the ctl00%24MainContent%24ctrlManageCommandUsers%24ctrlApplicationCommandUsersAssignment%24gvUnassigned%24ctl32%24cbToAssign parameter. The application took more than 22062 milliseconds to respond to the request, compared with 62 milliseconds for the original request, indicating that the injected SQL command caused a time delay.
我不明白 cbToAssign 是如何容易受到攻击的。感谢您的回答。
最佳答案
恶意客户端可能只是发送 POST 请求,而不是实际使用正常的 Web 浏览器发送恶意数据;因此,该值可能容易受到攻击,特别是如果您只是按原样使用该值来构建 SQL 字符串。
关于c# - 复选框容易受到 sql 注入(inject)的攻击吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31120665/