万能Asp防注入代码 拒绝攻击
2023-11-07 11:48:34
这几天着实为SQL注入漏洞伤了神,网上的代码好多不是很深奥就是麻烦。终于找到了万能防注代码,分享了,呵呵。操作简单上手,只要来个包含或放入conn.asp中,搞定。末了,估计还有一些危险字符没有放全,帮我补全一下,谢谢了!需要说明的是,这种关键字黑名单只检查表单和查询字符串中的参数,只能拦截一部分请求,不能替代参数化查询;数据库查询本身仍应以参数化方式编写。
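<%
' -------- Definitions --------
' Request-parameter blacklist filter. Include this file (or paste it into
' conn.asp) so it runs before any page logic. It rejects a request when any
' Request.Form or Request.QueryString value contains one of the substrings
' listed in fy_in.
'
' NOTE(review): this is a coarse filter, not a complete SQL-injection defence.
'   * Only Request.Form and Request.QueryString are inspected; values read
'     from Request.Cookies (including via the generic Request("name") lookup)
'     are never checked here.
'   * Matching is a plain substring test, so ordinary input is rejected too:
'     "and" matches inside longer words, and "-", "_", "=", "%" and "*" are
'     common in legitimate values.
'   * Queries should still be built with parameters (ADODB.Command and its
'     Parameters collection) rather than string concatenation.
'
' fy_db and fy_dbstr are declared but not used in this block.
dim fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr

' Substrings to reject, separated by the "防" character. Values are lower-cased
' before comparison, so every entry must be lower case. The first entry is a
' single quote.
fy_in = "'防;防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
fy_inf = split(fy_in,"防")

' Writes the rejection page for one offending parameter and ends the response.
'   fy_method - "post" or "get", shown as the submission method
'   fy_name   - name of the offending parameter
'   fy_value  - submitted value of that parameter
' Everything that comes from the request is passed through Server.HTMLEncode:
' the value being echoed is by definition one that matched the blacklist
' (possibly "<" or ">"), so writing it raw would reflect markup into the page.
' Nothing is persisted here; the "record" in the message is only echoed back.
sub fy_deny(fy_method, fy_name, fy_value)
    response.write "<script language=javascript>alert('网长友情提示黑客大侠↓请不要在参数中包含非法字符尝试注入攻击本站,本站做起来很不容易的.俺是菜鸟,好怕怕,放俺一马吧!给俺留言');</script>"
    response.write "非法操作!本站已经给大侠您做了如下记录↓<br>"
    response.write "操作ip:"&server.htmlencode(request.servervariables("remote_addr"))&"<br>"
    response.write "操作时间:"&now&"<br>"
    response.write "操作页面:"&server.htmlencode(request.servervariables("url"))&"<br>"
    response.write "提交方式:"&fy_method&"<br>"
    response.write "提交参数:"&server.htmlencode(fy_name)&"<br>"
    response.write "提交数据:"&server.htmlencode(fy_value)
    response.end
end sub

' Check every POSTed form field against every blacklist entry.
if request.form<>"" then
    for each fy_post in request.form
        for fy_xh=0 to ubound(fy_inf)
            if instr(lcase(request.form(fy_post)),fy_inf(fy_xh))<>0 then
                fy_deny "post", cstr(fy_post), cstr(request.form(fy_post))
            end if
        next
    next
end if

' Check every query-string parameter the same way.
if request.querystring<>"" then
    for each fy_get in request.querystring
        for fy_xh=0 to ubound(fy_inf)
            if instr(lcase(request.querystring(fy_get)),fy_inf(fy_xh))<>0 then
                fy_deny "get", cstr(fy_get), cstr(request.querystring(fy_get))
            end if
        next
    next
end if
%>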
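<%
' -------- Definitions --------
' Blacklist filter for request parameters, intended to be included ahead of
' page logic (for example from conn.asp). A request is refused when any
' Request.Form or Request.QueryString value contains an entry of fy_in.
'
' NOTE(review): treat this as a secondary check only.
'   * Request.Cookies is not inspected, so code that reads Request("name")
'     can still receive unfiltered input.
'   * The test is a substring match; entries such as "and", "-", "_", "="
'     and "%" also reject a lot of ordinary input.
'   * The queries themselves should use parameters (ADODB.Command with its
'     Parameters collection) instead of concatenated strings.
'
' fy_db and fy_dbstr are declared but not used in this block.
dim fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr

' Rejected substrings, separated by "防". Entries must be lower case because
' each value is lower-cased before the comparison. The first entry is a single
' quote.
fy_in = "'防;防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
fy_inf = split(fy_in,"防")

' POSTed form fields.
if request.form<>"" then
    for each fy_post in request.form
        for fy_xh=0 to ubound(fy_inf)
            if instr(lcase(request.form(fy_post)),fy_inf(fy_xh))<>0 then
                response.write "<script language=javascript>alert('网长友情提示黑客大侠↓请不要在参数中包含非法字符尝试注入攻击本站,本站做起来很不容易的.俺是菜鸟,好怕怕,放俺一马吧!给俺留言');</script>"
                ' Nothing is stored; the details below are only echoed back.
                response.write "非法操作!本站已经给大侠您做了如下记录↓<br>"
                response.write "操作ip:"&server.htmlencode(request.servervariables("remote_addr"))&"<br>"
                response.write "操作时间:"&now&"<br>"
                response.write "操作页面:"&server.htmlencode(request.servervariables("url"))&"<br>"
                response.write "提交方式:post<br>"
                ' The name and value are attacker-controlled and matched the
                ' blacklist (possibly on "<" or ">"), so they are HTML-encoded
                ' before being written into the page.
                response.write "提交参数:"&server.htmlencode(fy_post)&"<br>"
                response.write "提交数据:"&server.htmlencode(request.form(fy_post))
                response.end
            end if
        next
    next
end if

' Query-string parameters, handled the same way.
if request.querystring<>"" then
    for each fy_get in request.querystring
        for fy_xh=0 to ubound(fy_inf)
            if instr(lcase(request.querystring(fy_get)),fy_inf(fy_xh))<>0 then
                response.write "<script language=javascript>alert('网长友情提示黑客大侠↓请不要在参数中包含非法字符尝试注入攻击本站,本站做起来很不容易的.俺是菜鸟,好怕怕,放俺一马吧!给俺留言');</script>"
                response.write "非法操作!本站已经给大侠您做了如下记录↓<br>"
                response.write "操作ip:"&server.htmlencode(request.servervariables("remote_addr"))&"<br>"
                response.write "操作时间:"&now&"<br>"
                response.write "操作页面:"&server.htmlencode(request.servervariables("url"))&"<br>"
                response.write "提交方式:get<br>"
                ' Encode request-derived text before echoing it (see above).
                response.write "提交参数:"&server.htmlencode(fy_get)&"<br>"
                response.write "提交数据:"&server.htmlencode(request.querystring(fy_get))
                response.end
            end if
        next
    next
end if
%>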