如何在c#asp.net中修复“XPath注入”? [英] How to fix “XPath Injection” in c# asp.net?
本文介绍了如何在c#asp.net中修复“XPath注入”?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
方法CreateExchangeTb()从currencyRow元素获取用户输入。这个元素的值然后流经代码而没有经过适当的清理或验证,最终在XPath查询中使用。
Method CreateExchangeTb() gets user input from the currencyRow element. This element’s value then flows through the code without being properly sanitized or validated, and is eventually used in an XPath query.
currencyID =
currencyRow["GeniCurrencyCode"].ToString();
.
.
XPathNavigator rateNode =
exchangeNode.SelectSingleNode(string.Format("Rate[@Code='{0}' and
@ForecastValue='{1}']", currencyID, strYear));
Quote:
你能否建议如何修复XPath注入问题?
Can you please suggest how to fix XPath Injection issue ?
推荐答案
检查这个 XPATH注入 [ ^ ]。他们简要解释了机制
Check this XPATH Injection[^]. They have briefly explain the mechanism
这篇关于如何在c#asp.net中修复“XPath注入”?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
