none
Escribí un código javascript en el TextBox que hace una exploración sqlinjection. El código no funciona en TextBox6-7 dentro de la segunda View. RRS feed

  • Pregunta

  • Escribí un código javascript en el TextBox que hace una exploración sqlinjection. El código no funciona en TextBox6-7 dentro de la segunda View

    Asp.net page

    <body onload="find();" >
        <form id="form1" runat="server">
            <div>
    
                <table class="auto-style1">
                    <tr>
                        <td class="auto-style2">Name Surname:</td>
                        <td>
                            <asp:TextBox ID="TextBox1" runat="server" Width="300px"></asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td class="auto-style2">Tel:</td>
                        <td>
                            <asp:TextBox ID="TextBox2" runat="server" Width="300px" Height="22px"></asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td class="auto-style2">Ağe:</td>
                        <td>
                            <asp:TextBox ID="TextBox3" runat="server" Width="300px"></asp:TextBox>
                        </td>
                    </tr>
                    <tr>
                        <td class="auto-style2">Class:</td>
                        <td>
                            <asp:DropDownList ID="DropDownList1" runat="server" AutoPostBack="True" OnSelectedIndexChanged="DropDownList1_SelectedIndexChanged" Width="300px">
                                <asp:ListItem Value="0">Select Class</asp:ListItem>
                                <asp:ListItem>A1</asp:ListItem>
                                <asp:ListItem>B1</asp:ListItem>
                            </asp:DropDownList>
                        </td>
                    </tr>
                    <tr>
                        <td colspan="2">
                            <asp:MultiView ID="MultiView1" runat="server">
                                <asp:View ID="View1" runat="server">
                                    <table class="auto-style1">
                                        <tr>
                                            <td class="auto-style5" colspan="2">A Classes</td>
                                        </tr>
                                        <tr>
                                            <td class="auto-style8">Lesson Name : </td>
                                            <td>
                                                <asp:TextBox ID="TextBox4" runat="server" Width="300px"></asp:TextBox>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td class="auto-style8">Lesson Teacher :</td>
                                            <td>
                                                <asp:TextBox ID="TextBox5" runat="server" Width="300px"></asp:TextBox>
                                            </td>
                                        </tr>
                                    </table>
                                </asp:View>
                                <asp:View ID="View2" runat="server">
                                    <table class="auto-style1">
                                        <tr>
                                            <td class="auto-style4" colspan="2">B Classes</td>
                                        </tr>
                                        <tr>
                                            <td class="auto-style7">Lesson Name : </td>
                                            <td>
                                                <asp:TextBox ID="TextBox6" runat="server" Width="300px"></asp:TextBox>
                                            </td>
                                        </tr>
                                        <tr>
                                            <td class="auto-style7">Lesson Teacher :</td>
                                            <td>
                                                <asp:TextBox ID="TextBox7" runat="server" Width="300px"></asp:TextBox>
                                            </td>
                                        </tr>
                                    </table>
                                </asp:View>
                            </asp:MultiView>
                        </td>
                    </tr>
                </table>
    
            </div>
        </form>
    </body>

    Javascript Kodlarım

    var word = ["<", ">", "=", "where", "select", "from", "delete", "drop", "alter table", "table", "insert into", "update", "set", "join", "script", "body", "alert", "insert", "<script>"];
    var txtBoxes = ['TextBox1', 'TextBox2', 'TextBox3', 'TextBox4', 'TextBox5', 'TextBox6', 'TextBox7'];
    
    var txtBox = new Array();
    
    var find = function () {
        for (var i = 0; i <= txtBoxes.length; i++) {
            
            txtBox[i] = document.querySelector("#" + txtBoxes[i]);
            txtBox[i].addEventListener("keyup", control, true);
            txtBox[i].addEventListener("keydown", control, true);
    
        }
        
    }
    
    function control() {
        for (var i = 0; i < txtBox.length; i++) { 
            for (var x = 0; x < word.length; x++) { 
                txtBox[i].value = txtBox[i].value.replace(word[x], "");
            }
    
        }
    }

    Estoy esperando su ayuda. amigos

    miércoles, 20 de septiembre de 2017 21:39