
ASP anti-injection function 2006-6-7-1


'SQL anti-injection function
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=request(ParaName)
if ParaValue = "" then
 SafeRequest = ""
 exit function
end if

'Filter out illegal characters
'(Replace uses a case-sensitive binary comparison by default, so only these exact
' lower-case spellings are removed; the keyword check further down uses LCase(ParaValue).)
ParaValue = replace(ParaValue,"'","")
ParaValue = replace(ParaValue,"select ","")
ParaValue = replace(ParaValue,"insert ","")
ParaValue = replace(ParaValue,"delete ","")
ParaValue = replace(ParaValue,"count(","")
ParaValue = replace(ParaValue,"drop table ","")
ParaValue = replace(ParaValue,"update ","")
ParaValue = replace(ParaValue,"truncate ","")
ParaValue = replace(ParaValue,"asc(","")
ParaValue = replace(ParaValue,"mid(","")
ParaValue = replace(ParaValue,"char(","")
ParaValue = replace(ParaValue,"xp_cmdshell","")
ParaValue = replace(ParaValue,"exec master","")
ParaValue = replace(ParaValue,"net localgroup administrators","")
ParaValue = replace(ParaValue," and ","")
ParaValue = replace(ParaValue,"net user","")
ParaValue = replace(ParaValue," or ","")
SafeRequest=ParaValue

'Numeric values are returned as-is; otherwise check whether a keyword survived the filtering above
if IsNumeric(ParaValue) = True then
 SafeRequest=ParaValue
 exit Function
elseIf Instr(LCase(ParaValue),"select ") > 0 or Instr(LCase(ParaValue),"insert ") > 0 or Instr(LCase(ParaValue),"delete from") > 0 or Instr(LCase(ParaValue),"count(") > 0 or Instr(LCase(ParaValue),"drop table") > 0 or Instr(LCase(ParaValue),"update ") > 0 or Instr(LCase(ParaValue),"truncate ") > 0 or Instr(LCase(ParaValue),"asc(") > 0 or Instr(LCase(ParaValue),"mid(") > 0 or Instr(LCase(ParaValue),"char(") > 0 or Instr(LCase(ParaValue),"xp_cmdshell") > 0 or Instr(LCase(ParaValue),"exec master") > 0 or Instr(LCase(ParaValue),"net localgroup administrators") > 0  or Instr(LCase(ParaValue)," and ") > 0 or Instr(LCase(ParaValue),"net user") > 0 or Instr(LCase(ParaValue)," or ") > 0 then
  Response.Write "<script language='javascript'>"
  Response.Write "alert('可疑的SQL注入请求!');"  'message shown when a SQL injection attempt is detected
  Response.Write "window.history.go(-1);"  'send the visitor back to the previous page
  Response.Write "</script>"
  Response.end
else
 SafeRequest=ParaValue
End If
End function
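Keyword stripping like the function above is a blacklist and has to guess every spelling an attacker might use. The durable fix is to keep user input out of the SQL text entirely by binding it as a parameter. The following is an added example, not code from the original post; it uses the classic ASP ADODB.Command object, and the connection string, table name and column names are placeholders.

```vbscript
<%
' Added example (not part of the original post): look a user up with a
' parameterized query instead of stripping SQL keywords from the input.
' Application("ConnString"), the "users" table and its columns are placeholders.
Const adCmdText = 1
Const adParamInput = 1
Const adVarWChar = 202

Function FindUserIdByName(UserName)
    Dim conn, cmd, rs
    FindUserIdByName = ""
    ' Length is the only input rule needed here; the parameter size below enforces it again.
    If Len(UserName) = 0 Or Len(UserName) > 64 Then Exit Function

    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")      ' placeholder connection string

    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? marker is bound by the driver, so quotes, "select ", " or " and so on
    ' inside UserName remain data and never become part of the statement.
    cmd.CommandText = "SELECT id FROM users WHERE username = ?"
    cmd.Parameters.Append cmd.CreateParameter("uname", adVarWChar, adParamInput, 64, UserName)

    Set rs = cmd.Execute
    If Not rs.EOF Then FindUserIdByName = CStr(rs("id").Value)
    rs.Close
    conn.Close
    Set rs = Nothing: Set cmd = Nothing: Set conn = Nothing
End Function

' The raw request value goes straight to the bound parameter; output is HTML-encoded
' so the page does not trade a SQL injection problem for a script injection one.
Response.Write Server.HTMLEncode(FindUserIdByName(Request("username")))
%>
```

For numeric ids, check `IsNumeric` and convert with `CLng` first, then bind with type `adInteger` (3) instead of building the WHERE clause by string concatenation.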
