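<%
' Query-string keyword filter (classic ASP include).
'
' Scans every query-string value for the tokens listed in sql_leach. On the first
' hit it records the client IP, request method and page URL in the Access log
' database, prints a notice, and ends the response.
'
' NOTE(review): a deny-list like this is defence in depth only. The pages that
' build SQL still need parameterised queries; the list also rejects legitimate
' input containing "and", "*", "%" or an apostrophe.
' NOTE(review): only Request.QueryString is inspected here; Request.Form and
' Request.Cookies are not checked by this include.
' NOTE(review): Server.MapPath("/database/SQL.mdb") resolves under the site root,
' so the log database may be downloadable unless that path is denied by the
' web server - confirm, or move the file outside the served tree.
'
' Thispage, SQL_Get and cmd are left undeclared as in the original, so the
' include keeps working on pages that already declare those names.
Dim sql_leach, sql_leach_0, Sql_DATA, IP, Brown
Dim sql_leach_conn, sql_leach_value

' Tokens that cause a request to be rejected ------------------------------------
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"

' Split the comma-separated token list into an array ----------------------------
sql_leach_0 = Split(sql_leach, ",")

IP = Request.ServerVariables("REMOTE_ADDR")        ' client IP address
Brown = Request.ServerVariables("REQUEST_METHOD")  ' HTTP method of the request
Thispage = Request.ServerVariables("URL")          ' URL of the requested page

' Inspect Request.QueryString ---------------------------------------------------
If Request.QueryString <> "" Then
    ' Walk every parameter and look for each listed token in its value ----------
    For Each SQL_Get In Request.QueryString
        sql_leach_value = Request.QueryString(SQL_Get)
        For Sql_DATA = 0 To UBound(sql_leach_0)
            ' vbTextCompare: the match must not depend on letter case.
            If InStr(1, sql_leach_value, sql_leach_0(Sql_DATA), vbTextCompare) > 0 Then
                ' Logging is best effort: the request is rejected below even when
                ' the log database cannot be opened or written.
                On Error Resume Next
                Set sql_leach_conn = Server.CreateObject("ADODB.Connection")
                sql_leach_conn.Open "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & Server.MapPath("/database/SQL.mdb")
                Set cmd = Server.CreateObject("ADODB.COMMAND")
                Set cmd.ActiveConnection = sql_leach_conn
                cmd.CommandType = 1 ' adCmdText
                ' Bound parameters replace the original literal '&Ip&' text, which
                ' was never concatenated and never executed.
                cmd.CommandText = "insert into SQL(Ip,tijiao,yemian) Values (?,?,?)"
                ' 202 = adVarWChar, 1 = adParamInput. Values are cut to 255
                ' characters - assumes the columns are Access Text fields; TODO confirm.
                cmd.Parameters.Append cmd.CreateParameter("ip", 202, 1, 255, Left(IP & "", 255))
                cmd.Parameters.Append cmd.CreateParameter("tijiao", 202, 1, 255, Left(Brown & "", 255))
                cmd.Parameters.Append cmd.CreateParameter("yemian", 202, 1, 255, Left(Thispage & "", 255))
                cmd.Execute , , 128 ' adExecuteNoRecords
                sql_leach_conn.Close
                Set cmd = Nothing
                Set sql_leach_conn = Nothing
                On Error GoTo 0

                ' Request-derived values are HTML-encoded before being echoed.
                Response.Write "<font color=red>请不要尝试进行SQL注入!</font><p>"
                Response.Write "你的信息已被记录↓<br>"
                Response.Write "你的IP:" & Server.HTMLEncode(IP & "") & "<br>"
                Response.Write "提交方式:" & Server.HTMLEncode(Brown & "") & "<br>"
                Response.Write "提交页面:" & Server.HTMLEncode(Thispage & "") & "<p>"
                Response.Write "请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p>"
                Response.Write "【UMBRELLA网络安全小组特殊制作】"
                Response.End
            End If
        Next
    Next
End If
%>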