防注入ASP脚本

<%
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
'加入要检测出的特殊字符---------------------------------------------------------------
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"
'用SPLIT函数把特殊的字符串分割--------------------------------------------------------
sql_leach_0 = split(sql_leach,",")
IP
=request.ServerVariables("REMOTE_ADDR"'提取对方IP
Brown=request.ServerVariables("REQUEST_METHOD"'提取对方提交方式
Thispage=request.ServerVariables("URL")
'检测Request.QueryString--------------------------------------------------------------
If Request.QueryString<>"" Then
'循环开始,并查找URL设定的特殊字符----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(sql_leach_0)
if instr(Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA))>0 Then
  
Set cmd=server.CreateObject("ADODB.COMMAND")
  cmd.ActiveConnection 
= "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & server.mappath("/database/SQL.mdb")
  IP
=request.ServerVariables("REMOTE_ADDR"'提取对方IP
  Brown=request.ServerVariables("REQUEST_METHOD"'提取对方提交方式
  Thispage=request.ServerVariables("URL")
  cmd.commandtext
="insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&')"
  cmd.ActiveConnection.close
Response.Write 
"<font color=red>请不要尝试进行SQL注入!</font><p>"
Response.Write 
"你的信息已被记录↓<br>"
Response.Write 
"你的IP:"&IP&"<br>"
Response.Write 
"提交方式:"&brown&"<br>"
Response.Write 
"提交页面:"&Thispage&"<p>"
Response.Write 
"请你做一位合法的浏览者,不要触犯法律,谢谢合作!<p>"
Response.Write 
"【UMBRELLA网络安全小组特殊制作】"
Response.end
end if
next
Next
End If
%
>
posted @ 2009-06-19 16:03 TONYBINLJ 阅读(...) 评论(...) 编辑 收藏