zoukankan      html  css  js  c++  java
  • 简单的asp防注入代码

    <%

    Dim XH_Post,XH_Get,XH_Cookie,XH_In,XH_Inf,XH_Xh

    XH_In = "'|;|*|and|union|declare|exec|insert|select|update|delete%20from|drop%20table|create%20table"

    XH_Inf = split(XH_In,"|")

    '--------POST部份------------------
    If Request.Form<>"" Then
    For Each XH_Post In Request.Form

    For XH_Xh=0 To Ubound(XH_Inf)
    If Instr(LCase(Request.Form(XH_Post)),XH_Inf(XH_Xh))<>0 Then

    slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:POST<br>提交参数:"&XH_Post&"<br>提交数据:"&Request.Form(XH_Post))
    Response.Write "非法操作"
    Response.End
    End If
    Next
    Next
    End If
    '----------------------------------

    '--------GET部份-------------------
    If Request.QueryString<>"" Then
    For Each XH_Get In Request.QueryString

    For XH_Xh=0 To Ubound(XH_Inf)
    If Instr(LCase(Request.QueryString(XH_Get)),XH_Inf(XH_Xh))<>0 Then

    slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:GET<br>提交参数:"&XH_Get&"<br>提交数据:"&Request.QueryString(XH_Get))
    Response.Write "非法操作"
    Response.End
    End If
    Next
    Next
    End If
    '----------------------------------

    '--------COOKIE部份-------------------
    If Request.Cookies<>"" Then
    For Each XH_Cookie In Request.Cookies

    For XH_Xh=0 To Ubound(XH_Inf)
    If Instr(LCase(Request.Cookies(XH_Cookie)),XH_Inf(XH_Xh))<>0 Then

    slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:Cookie<br>提交参数:"&XH_Cookie&"<br>提交数据:"&Request.Cookies(XH_Cookie))
    Response.Write "非法操作"
    Response.End
    End If
    Next
    Next
    End If

    sub slog(logs)
            Dim toppath,fs,Ts,Errorlog
            toppath = Server.Mappath("/log.htm")
                                    Set fs = CreateObject("scripting.filesystemobject")
                                    If Not Fs.FILEEXISTS(toppath) Then
                                        Set Ts = fs.createtextfile(toppath, True)
                                        Ts.close
                                    end if
                                    Set Ts= Fs.OpenTextFile(toppath,1)
                                        Do While Not Ts.AtEndOfStream
                                                 Errorlog = Errorlog  & Ts.ReadLine  & chr(13) & chr(10)
                                        loop
                                        Ts.close
                                        Errorlog =Errorlog & logs
                                        Set Ts= Fs.OpenTextFile(toppath,2)
                                        Ts.writeline (Errorlog)
                                        Ts.Close
    end sub

    %>

  • 相关阅读:
    CSS3中background-origin和background-clip的区别
    JavaScript的赋值是引用or复制,及参数传递
    写第一个jquery插件实录
    北大acm1008
    北大acm1007
    北大acm1006
    北大acm1005
    北大acm1004
    团队绩效评估
    第二阶段冲刺第十天
  • 原文地址:https://www.cnblogs.com/Safe3/p/1358686.html
Copyright © 2011-2022 走看看