防注入ASP脚本
<
%
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
' 加入要检测出的特殊字符---------------------------------------------------------------
sql_leach = " ',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c "
' 用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0 = split (sql_leach, " , " )
IP = request.ServerVariables( " REMOTE_ADDR " ) ' 提取对方IP
Brown = request.ServerVariables( " REQUEST_METHOD " ) ' 提取对方提交方式
Thispage = request.ServerVariables( " URL " )
' 检测Request.QueryString--------------------------------------------------------------
If Request.QueryString <> "" Then
' 循环开始,并查找URL设定的特殊字符----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data = 0 To Ubound (sql_leach_0)
if instr (Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA)) > 0 Then
Set cmd = server.CreateObject( " ADODB.COMMAND " )
cmd.ActiveConnection = " Provider=Microsoft.Jet.Oledb.4.0;Data source= " & server.mappath( " /database/SQL.mdb " )
IP = request.ServerVariables( " REMOTE_ADDR " ) ' 提取对方IP
Brown = request.ServerVariables( " REQUEST_METHOD " ) ' 提取对方提交方式
Thispage = request.ServerVariables( " URL " )
cmd.commandtext = " insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&') "
cmd.ActiveConnection.close
Response.Write " <font color=red>请不要尝试进行SQL注入!</font><p> "
Response.Write " 你的信息已被记录↓<br> "
Response.Write " 你的IP: " & IP & " <br> "
Response.Write " 提交方式: " & brown & " <br> "
Response.Write " 提交页面: " & Thispage & " <p> "
Response.Write " 请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p> "
Response.Write " 【UMBRELLA网络安全小组特殊制作】 "
Response.end
end if
next
Next
End If
% >
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
' 加入要检测出的特殊字符---------------------------------------------------------------
sql_leach = " ',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c "
' 用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0 = split (sql_leach, " , " )
IP = request.ServerVariables( " REMOTE_ADDR " ) ' 提取对方IP
Brown = request.ServerVariables( " REQUEST_METHOD " ) ' 提取对方提交方式
Thispage = request.ServerVariables( " URL " )
' 检测Request.QueryString--------------------------------------------------------------
If Request.QueryString <> "" Then
' 循环开始,并查找URL设定的特殊字符----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data = 0 To Ubound (sql_leach_0)
if instr (Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA)) > 0 Then
Set cmd = server.CreateObject( " ADODB.COMMAND " )
cmd.ActiveConnection = " Provider=Microsoft.Jet.Oledb.4.0;Data source= " & server.mappath( " /database/SQL.mdb " )
IP = request.ServerVariables( " REMOTE_ADDR " ) ' 提取对方IP
Brown = request.ServerVariables( " REQUEST_METHOD " ) ' 提取对方提交方式
Thispage = request.ServerVariables( " URL " )
cmd.commandtext = " insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&') "
cmd.ActiveConnection.close
Response.Write " <font color=red>请不要尝试进行SQL注入!</font><p> "
Response.Write " 你的信息已被记录↓<br> "
Response.Write " 你的IP: " & IP & " <br> "
Response.Write " 提交方式: " & brown & " <br> "
Response.Write " 提交页面: " & Thispage & " <p> "
Response.Write " 请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p> "
Response.Write " 【UMBRELLA网络安全小组特殊制作】 "
Response.end
end if
next
Next
End If
% >