??????? ?????? Microsoft Source Code Analyzer for SQL Injection ?????? ??? ??????? ??????? ???? ???? ?????? SQL ?? ???????? ???????? ?? ASP?

?????? ????????? ?????? ?????????
???? ???????: 954476 - ??? ???????? ???? ????? ????? ??? ???????.
????? ???? | ?? ????

?? ??? ??????

?????

?????? ??? ??????? ?????? Microsoft Source Code Analyzer for SQL Injection. ????? ??????? ???? ??????? ?????? ????????? ???????? ??? ?????? ??? ??????? ??????? ???? ???? ?????? SQL ?? ???????? ???????? ?? ASP.

??????? ????

?????? Microsoft Source Code Analyzer for SQL Injection ?? ???? ??????? ?????? ????????? ????????? ??? ?????? ?? ?????? ??? ??????? ??????? ???? ???? ?????? SQL ?? ???????? ???????? ?? "????? ?????? ??????" (ASP). ?????? ??? ??????? ????? ??????? ?????? ?????????? ???? ???? ???????? ???????? ??? ?????? ?????? ???. ???? ????? "????? ????????" ????? ??????? ?????? ??? ???? ?? ?????????.

????????? ????????

????? ???? ??? ??????? ??? ???????? ??????:
  • ?.NET Framework 3.0

?????? ????? SQL ?? ???????? ???????? ?? ASP

?? ???? ??????? ?????? ?????? ???????? ?? ??????? Request.Form ?? Request.Querystring ?? ???????? ???????? ?? ASP ?????? ?????? SQL ????????? ???? ?? ???? ?? ????????? ???? ?????? ????? ????? SQL ?? ????? SQL ?? ???????? ???? ??? ???? ??? ???. ???? ?? ???? ????? ???? First Order SQL injection vulnerability (????? ????? ?? ?????? ?????? ???? ?????? SQL).

?? ???? ????? ????? ???????? ?? ????? ?????? ???????? ???? ????? ASP? ?? ?? ??????? ????? ???????? ??? ??? ?? ????? ???????? ?????????? ?????? ?????? SQL ????????? ?? ???? ASP ??????? ???? ?????? ????? ????? SQL ?? ????? SQL ?? ????????? ???? ??? ????. ???? ?? ???? ????? ???? Second Order SQL injection vulnerability (????? ????? ?? ?????? ??????? ???? ?????? SQL).

??????? ?? ??? ??????? ???????? ?? ?????? ??????? ????????? SQL ???????. ?????? ??? ???? ?? ????????? ??? ??????? ??????? ???? ???? ?????? SQL ?? ASP ???? ??? ????? ??? ??????? ???????? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://msdn.microsoft.com/en-us/library/cc676512.aspx
?????? ?????? Microsoft Source Code Analyzer for SQL Injection ?? ?????? ??? ??? ??? ???????? ????????.

?????????

???? ??? ????? ????? ??????? ??????.

???? ??????

?????? ??? ?????? ???? ?????? ??????:
msscasi_asp.exe [/nologo] [/quiet] ?[/suppress=num;..;num] [/GlobalAsaPath=path] ?/] IncludePaths=path;..;path] /Input=file.asp?

?????

???? ?????? ??? ????? ??????? ??????? ???? ???? ?????? SQL ?? ???????? ???????? ?? ASP.

????? ????????

?? ??? ??????????? ??? ??????
??????? ?????? ?????
?/GlobalAsaPath?????????? ???? ????? Global.asa.
?/IncludePaths???????????? ?????? ????? ????? ?????? ?????? ??? ??????? ??????? ???????? ???????? ????????.
?/input??? asp???? ?????? ?????? ????? ASP ???? ??? ??????.
?/suppress warnings ?? ??? ??????? ?? ?????????.
?/nologo ?? ??? ??? ???? ??????.
?/quiet?? ??? ??? ????? ???????. ??? ??????? ?????????? ?/nologo ??/quiet? ??? ??? ????? ??????? ???.

?????

?MSSCASI_ASP /input="c:\source\logon.asp"
MSSCASI_ASP ?/GlobalAsaPath="C:\source"/input="c:\source\webitems\display.asp"
MSSCASI_ASP /GlobalAsaPath="C:\source" /input="c:\source\webitems\display.asp" /IncludePaths="C:\virtualdirectory1;C:\virtualdirectory2"
MSSCASI_ASP /input="c:\source\webitems\display.asp" /suppress="80406;80407"

?????? ???????

???? ?????? ?????? ????????? ???????:
?? ??? ??????????? ??? ??????
??????????
80400?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ?????? ?? ?????? Request ???? ?? ???? ?? ?????????. ??? ????????? ????? ??? ??????? ??? ??????.
80406?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ?????? ?? ?????? Request ??? ??? ????? ??????? ?? ???? ??? ????????? ???? ??? ?????? ?? ???? ??????? ?? ????????. ??? ?? ??? ?????? ?? ???????? ???? ??????? ??????? ??? ?????? ?? ???? ?????. ????? ???? ?? ????? ??????? ?????.
80403?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ????? ?? ???? ?????. ??? ???? ???????? ?? ???????? ?? ???? ???? ??? ???? ??? ??? ?????? ?????. ??? ???? ??? ???? ???????? ????? ???? ??? ?? ???? ?????. ????? ??? ?????? ???? ??????????? ???? ?? ?????????? ????? ???????.
80407?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ????? ?? ???? ????? ???? ??????? ?? ???? ??? ????????? ???? ??? ??????. ??? ???? ???????? ?? ???????? ?? ???? ???? ??? ???? ??? ??? ?????? ?? ??? ????????? ??? ??? ?????? ?????.
80420?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ??????. ??? ????? ??? ????????? ?? ???? ??????. ?????? ??? ???? ??? ?????? ?????? ?? ????? ??????? ??? ????? ??????? ?????. ??? ??? ?????????? ??????? ?? ??? ????????? ??? ??? ?????? ?????. ????? ??????? ??????? ???????? ?__sql_pre_validated ??? ?????? ?????? ????? ??? ??? ??? ?????????? ???????? ?????? ??? ??? ???????? ???????? ?? ??.
80421?????? ???? ???? ????? ???? ?????? SQL ?? ???? ?????? ??????? ???? ????? ?????? ?????? ?? ???? ??? ????????? ???? ??? ?????? ?? ???? ?????? ???? ?? ????????. ???? ??????? ??????? ???????? ?__sql_pre_validated ??? ?????? ?????? ??__sql_validate ??? ???? ?????? ????? ??? ??? ?????????? ???????? ?????? ??? ??? ???????? ???????? ?? ??.
??????? 80400 ?? ??? ????????? ?????? ??? ???? ????? ?????? ?? ??? ???? ????????? ???? ?????? ??????. ??? ??? ????? ??? ASP ????? ??? ??????? ???????? ????????? ??? ??????. ????? ?? ????????? ??? ????? ??????? ????????? SQL ??????? ?? ?????? ?????? ?? ASP? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://msdn.microsoft.com/en-us/library/cc676512.aspx

??????

???? ??? ???? ??????:
  • ?? ???? ?????? ??? ??????? ASP ???????? ???????? ?? VBScript. ??? ???? ?????? ??? ????? ?????? ?????? ?? ???? ???????? ?????? ??? ??? ???? ??? Jscript.
  • ?? ????? ???? ASP ???? ???? ?? ????? ????? ??? ??????. ??? ???? ?? ?? ???? ??? ?????? ???? ????? ????? ASP. ?????? ?? ??? ??? ??????? ?? ???????.

?????

?????? ?????? Microsoft Source Code Analyzer for SQL Injection? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://www.microsoft.com/downloads/details.aspx?FamilyId=58A7C46E-A599-4FCB-9AB4-A4334146B6BA
????? ?? ????????? ??? ?????? ?? ???? ????? ?????????? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx
????? ?? ????????? ??? ??? ??????? SQL ?? ASP? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://msdn.microsoft.com/en-us/library/cc676512.aspx
????? ?? ????????? ??? ????? ??????? SQL? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://blogs.msdn.com/sdl/archive/2008/05/15/giving-sql-injection-the-respect-it-deserves.aspx
????? ?? ????????? ??? ??????? ?????? ????? ???? Microsoft ?????? ??? ?????:
http://blogs.msdn.com/sqlsecurity
?? ?????? ???? Microsoft ?????? ??? ????? ?????? ?????? ??? ?????? ?? ??????? MSDN SQL Security:
http://forums.microsoft.com/msdn/ShowForum.aspx?ForumID=92&SiteID=1

???????

???? ???????: 954476 - ????? ??? ??????: 22/????? ???????/1429 - ??????: 1.1
????? ???
  • Microsoft ASP.NET 2.0
????? ??????: 
atdownload kbexpertiseadvanced kbcode kbexpertiseinter kbinfo kbsecadvisory kbsecurity kbsecvulnerability KB954476

????? ???????

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com