ASP anti-injection function 2006-6-7-1

Original, 2006-06-07 18:56:00

'SQL anti-injection function (filters a request parameter before it is used in a database query)
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=request(ParaName)
if ParaValue = "" then
 SafeRequest = ""
 exit function
end if

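'Filter illegal characters (Replace is case-sensitive by default, so only lowercase forms are stripped here; other casings are caught by the LCase check below)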
ParaValue = replace(ParaValue,"'","")
ParaValue = replace(ParaValue,"select ","")
ParaValue = replace(ParaValue,"insert ","")
ParaValue = replace(ParaValue,"delete ","")
ParaValue = replace(ParaValue,"count(","")
ParaValue = replace(ParaValue,"drop table ","")
ParaValue = replace(ParaValue,"update ","")
ParaValue = replace(ParaValue,"truncate ","")
ParaValue = replace(ParaValue,"asc(","")
ParaValue = replace(ParaValue,"mid(","")
ParaValue = replace(ParaValue,"char(","")
ParaValue = replace(ParaValue,"xp_cmdshell","")
ParaValue = replace(ParaValue,"exec master","")
ParaValue = replace(ParaValue,"net localgroup administrators","")
ParaValue = replace(ParaValue," and ","")
ParaValue = replace(ParaValue,"net user","")
ParaValue = replace(ParaValue," or ","")
SafeRequest=ParaValue

if IsNumeric(ParaValue) = True then
 SafeRequest=ParaValue
 exit Function
elseIf Instr(LCase(ParaValue),"select ") > 0 or Instr(LCase(ParaValue),"insert ") > 0 or Instr(LCase(ParaValue),"delete from") > 0 or Instr(LCase(ParaValue),"count(") > 0 or Instr(LCase(ParaValue),"drop table") > 0 or Instr(LCase(ParaValue),"update ") > 0 or Instr(LCase(ParaValue),"truncate ") > 0 or Instr(LCase(ParaValue),"asc(") > 0 or Instr(LCase(ParaValue),"mid(") > 0 or Instr(LCase(ParaValue),"char(") > 0 or Instr(LCase(ParaValue),"xp_cmdshell") > 0 or Instr(LCase(ParaValue),"exec master") > 0 or Instr(LCase(ParaValue),"net localgroup administrators") > 0  or Instr(LCase(ParaValue)," and ") > 0 or Instr(LCase(ParaValue),"net user") > 0 or Instr(LCase(ParaValue)," or ") > 0 then
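  Response.Write "<script language='javascript'>"
  Response.Write "alert('可疑的SQL注入请求!');"  'message shown when a SQL injection attempt is detected
  Response.Write "window.history.go(-1);"  'send the browser back to the previous page when a SQL injection attempt is detected
  Response.Write "</script>"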
  Response.end
else
 SafeRequest=ParaValue
End If
End function
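
The function above relies on a keyword blacklist, which also strips or rejects legitimate input such as a name containing an apostrophe or text containing " and ". As an added example (not part of the original post), the same request values can instead be bound as ADODB.Command parameters so they are never parsed as SQL. It assumes an open ADODB.Connection named conn and a hypothetical table Users(Id, Name); all function names are illustrative.

```vbscript
'Added example (not the original author's code).
'Assumed: conn is an open ADODB.Connection; Users(Id, Name) is a hypothetical table.
Const adCmdText = 1
Const adParamInput = 1
Const adInteger = 3
Const adVarWChar = 202

'Build a command whose SQL text is fixed; values are bound separately as parameters.
Function NewCommand(conn, sql)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    cmd.CommandText = sql
    Set NewCommand = cmd
End Function

'Strict integer check: IsNumeric also accepts forms such as "1e3" or "&H10".
Function ParseId(raw)
    Dim re, s
    s = Trim(raw & "")
    Set re = New RegExp
    re.Pattern = "^\d{1,9}$"
    If re.Test(s) Then
        ParseId = CLng(s)
    Else
        ParseId = Null
    End If
End Function

'Text lookup: quotes and SQL keywords in rawName stay data, so nothing is stripped.
Function FindUserByName(conn, rawName)
    Dim cmd
    Set cmd = NewCommand(conn, "SELECT Id, Name FROM Users WHERE Name = ?")
    cmd.Parameters.Append cmd.CreateParameter("@name", adVarWChar, adParamInput, 50, Left(rawName & "", 50))
    Set FindUserByName = cmd.Execute
End Function

'Numeric lookup: returns Nothing when the id is not a plain non-negative integer.
Function FindUserById(conn, rawId)
    Dim id, cmd
    Set FindUserById = Nothing
    id = ParseId(rawId)
    If IsNull(id) Then Exit Function
    Set cmd = NewCommand(conn, "SELECT Id, Name FROM Users WHERE Id = ?")
    cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , id)
    Set FindUserById = cmd.Execute
End Function
```

A page would call these as `Set rs = FindUserByName(conn, Request("name"))`, passing the raw request value without running it through a keyword filter first.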

Copyright notice: This is an original article by the blogger and may not be reproduced without the blogger's permission.
