SQL通用防注入模块
1Dim CSB_NoSqlHack_AllStr,CSB_NoSqlHack_Str,CSB_NoSqlHack_ComeUrlGet,CSB_NoSqlHack_ComeUrlPost,CSB_NoSqlHack_Get,CSB_NoSqlHack_Post,CSB_NoSqlHack_i
2'On Error Resume Next
3'定义SQL过滤字符集
4CSB_NoSqlHack_AllStr="'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
5'QueryString 集合检索 HTTP 查询字符串中变量的值。HTTP 查询字符串由问号 (?) 后的值指定。
6CSB_NoSqlHack_ComeUrlGet = Request.QueryString
7'Request.Form 集合检索 Form 查询表单提交是否存在SQL入注攻击
8CSB_NoSqlHack_ComeUrlPost = Request.Form
9CSB_NoSqlHack_Str = Split(CSB_NoSqlHack_AllStr,"|")
10
11'Post
12If CSB_NoSqlHack_ComeUrlPost<>"" then
13 For Each CSB_NoSqlHack_Post In Request.Form
14 For CSB_NoSqlHack_i = 0 To Ubound(CSB_NoSqlHack_Str)
15 If Instr(LCase(CSB_NoSqlHack_ComeUrlPost),CSB_NoSqlHack_Str(CSB_NoSqlHack_i))<>0 Then
16 'Response.Write("Error,请不要进行非法提交!")
17 'Response.End
18 Response.Write "<Script Language=JavaScript>alert('SQL通用防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入!\n\nHttp://Www.Asduif.Com 系统版本:V1.0(ASP)版\n\nCoding By:Corin Design By:Macdesign');</Script>"
19 Response.Write "非法操作:系统做了如下记录↓<br>"
20 Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
21 Response.Write "操作时间:"&Now&"<br>"
22 Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
23 Response.Write "提交方式:POST<br>"
24 Response.Write "提交参数:"&CSB_NoSqlHack_Post&"<br>"
25 Response.Write "提交数据:"&CSB_NoSqlHack_ComeUrlPost
26 Response.End
27 End if
28 Next
29 Next
30End if
31
32'Get
33If CSB_NoSqlHack_ComeUrlGet<>"" then
34 For Each CSB_NoSqlHack_Get In Request.QueryString
35 For CSB_NoSqlHack_i = 0 To Ubound(CSB_NoSqlHack_Str)
36 'Response.Write CSB_NoSqlHack_ComeUrlGet
37 If Instr(LCase(CSB_NoSqlHack_ComeUrlGet),CSB_NoSqlHack_Str(CSB_NoSqlHack_i))<>0 Then
38 'Response.Write("Error,请不要进行非法提交!")
39 'Response.End
40 Response.Write "<Script Language=JavaScript>alert('SQL通用防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入!\n\nHttp://Www.Asduif.Com 系统版本:V1.0(ASP)版\n\nCoding By:Corin Design By:Macdesign');</Script>"
41 Response.Write "非法操作:系统做了如下记录↓<br>"
42 Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
43 Response.Write "操作时间:"&Now&"<br>"
44 Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
45 Response.Write "提交方式:POST<br>"
46 Response.Write "提交参数:"&CSB_NoSqlHack_Get&"<br>"
47 Response.Write "提交数据:"&CSB_NoSqlHack_ComeUrlGet
48 Response.End
49 End if
50 Next
51 Next
52End if
2'On Error Resume Next
3'定义SQL过滤字符集
4CSB_NoSqlHack_AllStr="'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
5'QueryString 集合检索 HTTP 查询字符串中变量的值。HTTP 查询字符串由问号 (?) 后的值指定。
6CSB_NoSqlHack_ComeUrlGet = Request.QueryString
7'Request.Form 集合检索 Form 查询表单提交是否存在SQL入注攻击
8CSB_NoSqlHack_ComeUrlPost = Request.Form
9CSB_NoSqlHack_Str = Split(CSB_NoSqlHack_AllStr,"|")
10
11'Post
12If CSB_NoSqlHack_ComeUrlPost<>"" then
13 For Each CSB_NoSqlHack_Post In Request.Form
14 For CSB_NoSqlHack_i = 0 To Ubound(CSB_NoSqlHack_Str)
15 If Instr(LCase(CSB_NoSqlHack_ComeUrlPost),CSB_NoSqlHack_Str(CSB_NoSqlHack_i))<>0 Then
16 'Response.Write("Error,请不要进行非法提交!")
17 'Response.End
18 Response.Write "<Script Language=JavaScript>alert('SQL通用防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入!\n\nHttp://Www.Asduif.Com 系统版本:V1.0(ASP)版\n\nCoding By:Corin Design By:Macdesign');</Script>"
19 Response.Write "非法操作:系统做了如下记录↓<br>"
20 Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
21 Response.Write "操作时间:"&Now&"<br>"
22 Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
23 Response.Write "提交方式:POST<br>"
24 Response.Write "提交参数:"&CSB_NoSqlHack_Post&"<br>"
25 Response.Write "提交数据:"&CSB_NoSqlHack_ComeUrlPost
26 Response.End
27 End if
28 Next
29 Next
30End if
31
32'Get
33If CSB_NoSqlHack_ComeUrlGet<>"" then
34 For Each CSB_NoSqlHack_Get In Request.QueryString
35 For CSB_NoSqlHack_i = 0 To Ubound(CSB_NoSqlHack_Str)
36 'Response.Write CSB_NoSqlHack_ComeUrlGet
37 If Instr(LCase(CSB_NoSqlHack_ComeUrlGet),CSB_NoSqlHack_Str(CSB_NoSqlHack_i))<>0 Then
38 'Response.Write("Error,请不要进行非法提交!")
39 'Response.End
40 Response.Write "<Script Language=JavaScript>alert('SQL通用防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入!\n\nHttp://Www.Asduif.Com 系统版本:V1.0(ASP)版\n\nCoding By:Corin Design By:Macdesign');</Script>"
41 Response.Write "非法操作:系统做了如下记录↓<br>"
42 Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
43 Response.Write "操作时间:"&Now&"<br>"
44 Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
45 Response.Write "提交方式:POST<br>"
46 Response.Write "提交参数:"&CSB_NoSqlHack_Get&"<br>"
47 Response.Write "提交数据:"&CSB_NoSqlHack_ComeUrlGet
48 Response.End
49 End if
50 Next
51 Next
52End if
我来自:向东博客