码上快乐

相关内容   简体   繁体

asp防SQL注入

本文转载自  查看原文  2018-06-08 11:58  3136    ASP/ asp

<%

 Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa

On Error Resume Next

Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|--|script|*|char|set|(|)"

aa=" "    '------------------------------------------如入侵记录保存文件

Fy_Inf = split(Fy_In,"|")

'1--------POST部份------------------

If Request.Form<>"" Then

For Each Fy_Post In Request.Form

For Fy_Xh=0 To Ubound(Fy_Inf)

If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then

flyaway1=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","*")&""

set fs=server.CreateObject("Scripting.FileSystemObject")

set file=fs.OpenTextFile(server.MapPath(aa),8,True)

file.writeline flyaway1

file.close

set file=nothing

set fs=nothing

call aaa()

End If

Next

Next

End If

 

'2--------GET部份-------------------

If Request.QueryString<>"" Then

For Each Fy_Get In Request.QueryString

For Fy_Xh=0 To Ubound(Fy_Inf)

If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then

flyaway2=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","*")&""

set fs=server.CreateObject("Scripting.FileSystemObject")

set file=fs.OpenTextFile(server.MapPath(aa),8,True)

file.writeline flyaway2

file.close

set file=nothing

set fs=nothing

call aaa()

End If

Next

Next

End If

 

'3--------cookies部份-------------------

If Request.Cookies<>"" Then

For Each Fy_cook In Request.Cookies

For Fy_Xh=0 To Ubound(Fy_Inf)

If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then

flyaway3=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cook'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","*")&""

set fs=server.CreateObject("Scripting.FileSystemObject")

set file=fs.OpenTextFile(server.MapPath(aa),8,True)

file.writeline flyaway3

file.close

set file=nothing

set fs=nothing

call aaa()

End If

Next

Next

End If


免责声明!

本站转载的文章为个人学习借鉴使用,本站对版权不负任何法律责任。如果侵犯了您的隐私权益,请联系本站邮箱yoyou2525@163.com删除。



猜您在找 关于SQL注入与防注入 360提供的SQL防注入 Mybatis是如何实现SQL防注入的 PHP实现防sql注入 mysql防SQL注入搜集 jdbc之防sql注入攻击 php SQL 防注入的一些经验 浅谈 C# SQL防注入 基于springboot的sql防注入过滤器 openresty用naxsi防xss、SQL注入
 
粤ICP备18138465号  © 2018-2025 CODEPRJ.COM