防注入ASP脚本
<%
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
'加入要检测出的特殊字符---------------------------------------------------------------
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"
'用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0 = split(sql_leach,",")
IP=request.ServerVariables("REMOTE_ADDR") '提取对方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取对方提交方式
Thispage=request.ServerVariables("URL")
'检测Request.QueryString--------------------------------------------------------------
If Request.QueryString<>"" Then
'循环开始,并查找URL设定的特殊字符----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(sql_leach_0)
if instr(Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA))>0 Then
Set cmd=server.CreateObject("ADODB.COMMAND")
cmd.ActiveConnection = "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & server.mappath("/database/SQL.mdb")
IP=request.ServerVariables("REMOTE_ADDR") '提取对方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取对方提交方式
Thispage=request.ServerVariables("URL")
cmd.commandtext="insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&')"
cmd.ActiveConnection.close
Response.Write "<font color=red>请不要尝试进行SQL注入!</font><p>"
Response.Write "你的信息已被记录↓<br>"
Response.Write "你的IP:"&IP&"<br>"
Response.Write "提交方式:"&brown&"<br>"
Response.Write "提交页面:"&Thispage&"<p>"
Response.Write "请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p>"
Response.Write "【UMBRELLA网络安全小组特殊制作】"
Response.end
end if
next
Next
End If
%>
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
'加入要检测出的特殊字符---------------------------------------------------------------
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"
'用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0 = split(sql_leach,",")
IP=request.ServerVariables("REMOTE_ADDR") '提取对方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取对方提交方式
Thispage=request.ServerVariables("URL")
'检测Request.QueryString--------------------------------------------------------------
If Request.QueryString<>"" Then
'循环开始,并查找URL设定的特殊字符----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(sql_leach_0)
if instr(Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA))>0 Then
Set cmd=server.CreateObject("ADODB.COMMAND")
cmd.ActiveConnection = "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & server.mappath("/database/SQL.mdb")
IP=request.ServerVariables("REMOTE_ADDR") '提取对方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取对方提交方式
Thispage=request.ServerVariables("URL")
cmd.commandtext="insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&')"
cmd.ActiveConnection.close
Response.Write "<font color=red>请不要尝试进行SQL注入!</font><p>"
Response.Write "你的信息已被记录↓<br>"
Response.Write "你的IP:"&IP&"<br>"
Response.Write "提交方式:"&brown&"<br>"
Response.Write "提交页面:"&Thispage&"<p>"
Response.Write "请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p>"
Response.Write "【UMBRELLA网络安全小组特殊制作】"
Response.end
end if
next
Next
End If
%>
