SQL通用防注入模块
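' Generic keyword filter for classic ASP, meant to be included at the top of a page.
' It rejects any request whose GET or POST parameter names or values contain a
' blacklisted token, prints a notice and ends the response.
'
' NOTE(review): this is defence in depth only. Substring blacklists produce false
' positives ("and" matches "brand", "mid" matches "humidity") and do not make
' string-built SQL safe; the queries themselves should use parameterized
' ADODB.Command objects.
' NOTE(review): only Request.QueryString and Request.Form are inspected. Values a
' page reads from other collections (Request.Cookies, or Request("name"), which
' also searches cookies and server variables) are not covered by this filter.
Dim CSB_NoSqlHack_AllStr,CSB_NoSqlHack_Str,CSB_NoSqlHack_ComeUrlGet,CSB_NoSqlHack_ComeUrlPost,CSB_NoSqlHack_Get,CSB_NoSqlHack_Post,CSB_NoSqlHack_i
Dim CSB_NoSqlHack_Val
'On Error Resume Next

' Blacklisted tokens, "|"-separated. Matching is case-insensitive (input is lower-cased).
CSB_NoSqlHack_AllStr="'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
CSB_NoSqlHack_Str = Split(CSB_NoSqlHack_AllStr,"|")

' Raw (still URL-encoded) query string and form body; used only to tell whether
' the request carries any GET / POST data at all.
CSB_NoSqlHack_ComeUrlGet = Request.QueryString
CSB_NoSqlHack_ComeUrlPost = Request.Form

' Returns True when the text contains any blacklisted token.
Function CSB_NoSqlHack_IsBlocked(ByVal text)
    Dim idx, lowered
    CSB_NoSqlHack_IsBlocked = False
    lowered = LCase(text)
    For idx = 0 To UBound(CSB_NoSqlHack_Str)
        If InStr(lowered, CSB_NoSqlHack_Str(idx)) <> 0 Then
            CSB_NoSqlHack_IsBlocked = True
            Exit Function
        End If
    Next
End Function

' Writes the rejection notice and terminates the response.
' Every request-derived value is HTML-encoded before it is echoed: the original
' wrote the parameter name and submitted data straight into the page, which let
' the block page itself reflect markup supplied in the request.
' NOTE(review): despite the "recorded" wording, nothing is persisted here; add
' server-side logging if these events should be auditable.
Sub CSB_NoSqlHack_Reject(ByVal method, ByVal paramName, ByVal paramValue)
    Response.Write "<Script Language=JavaScript>alert('SQL通用防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入!\n\nHttp://Www.Asduif.Com 系统版本:V1.0(ASP)版\n\nCoding By:Corin Design By:Macdesign');</Script>"
    Response.Write "非法操作:系统做了如下记录↓<br>"
    Response.Write "操作IP:" & Server.HTMLEncode(Request.ServerVariables("REMOTE_ADDR")) & "<br>"
    Response.Write "操作时间:" & Now & "<br>"
    Response.Write "操作页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
    Response.Write "提交方式:" & method & "<br>"
    Response.Write "提交参数:" & Server.HTMLEncode(paramName) & "<br>"
    Response.Write "提交数据:" & Server.HTMLEncode(paramValue)
    Response.End
End Sub

' POST: inspect each decoded parameter name and value. The original tested the
' whole raw body on every iteration, so the per-parameter loop was redundant, the
' reported parameter was always the first one, and the "%" token matched any
' percent-encoded byte (for example every non-ASCII character).
If CSB_NoSqlHack_ComeUrlPost<>"" Then
    For Each CSB_NoSqlHack_Post In Request.Form
        CSB_NoSqlHack_Val = Request.Form(CSB_NoSqlHack_Post)
        If CSB_NoSqlHack_IsBlocked(CSB_NoSqlHack_Post) Or CSB_NoSqlHack_IsBlocked(CSB_NoSqlHack_Val) Then
            CSB_NoSqlHack_Reject "POST", CSB_NoSqlHack_Post, CSB_NoSqlHack_Val
        End If
    Next
End If

' GET: same check for the query string. The method label is now "GET"; the
' original printed "POST" here because the block was copied from the POST branch.
If CSB_NoSqlHack_ComeUrlGet<>"" Then
    For Each CSB_NoSqlHack_Get In Request.QueryString
        CSB_NoSqlHack_Val = Request.QueryString(CSB_NoSqlHack_Get)
        If CSB_NoSqlHack_IsBlocked(CSB_NoSqlHack_Get) Or CSB_NoSqlHack_IsBlocked(CSB_NoSqlHack_Val) Then
            CSB_NoSqlHack_Reject "GET", CSB_NoSqlHack_Get, CSB_NoSqlHack_Val
        End If
    Next
End If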