<
%
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'
ASP通用防注入代码
'
您可以把该代码COPY到头文件中.也可以单独作
'
为一个文件存在,每次调用使用
'
作者:y3gu - 2005-7-29
'
http://www.dosu.cn
'
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim
GetFlag
Rem
(提交方式)
Dim
ErrorSql
Rem
(非法字符)
Dim
RequestKey
Rem
(提交数据)
Dim
ForI
Rem
(循环标记)
ErrorSql
=
"
'~;~and~(~)~exec~update~count~*~%~chr~mid
~master~truncate~char~declare
"
Rem(每个敏感字符或者词语请使用半角
"
~
"
格开)
ErrorSql
=
split
(ErrorSql,
"
~
"
)
If
Request.ServerVariables(
"
REQUEST_METHOD
"
)
=
"
GET
"
Then
GetFlag
=
True
Else
GetFlag
=
False
End
If
If
GetFlag
Then
For
Each
RequestKey In Request.QueryString
For
ForI
=
0
To
Ubound
(ErrorSql)
If
Instr
(
LCase
(Request.QueryString(RequestKey)),ErrorSql(ForI))
<>
0
Then
response.write
"
<script>alert(""警告: 请不要使用敏感字符"");location.href=""Sql.asp"";</script>
"
Response.End
End
If
Next
Next
Else
For
Each
RequestKey In Request.Form
For
ForI
=
0
To
Ubound
(ErrorSql)
If
Instr
(
LCase
(Request.Form(RequestKey)),ErrorSql(ForI))
<>
0
Then
response.write
"
<script>alert(""警告: 请不要使用敏感字符"");location.href=""Sql.asp"";</script>
"
Response.End
End
If
Next
Next
End
If
%
>
第二个
Function
Checkstr(Str)
If
Isnull
(Str)
Then
CheckStr
=
""
Exit
Function
End
If
Str
=
Replace
(Str,
Chr
(
0
),
""
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
""
"
,
"
"", 1, -1, 1)
Str
=
Replace
(Str,
"
<;
"
,
"
<;
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
>;
"
,
"
>;
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
script
"
,
"
script
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
SCRIPT
"
,
"
SCRIPT
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
Script
"
,
"
Script
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
script
"
,
"
Script
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
object
"
,
"
object
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
OBJECT
"
,
"
OBJECT
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
Object
"
,
"
Object
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
object
"
,
"
Object
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
applet
"
,
"
applet
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
APPLET
"
,
"
APPLET
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
Applet
"
,
"
Applet
"
,
1
, -
1
,
0
) Str
=
Replace
(Str,
"
applet
"
,
"
Applet
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
[
"
,
"
[
"
) Str
=
Replace
(Str,
"
]
"
,
"
]
"
) Str
=
Replace
(Str,
"
""
"
,
""
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
=
"
,
"
=
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
’
"
,
"
’’
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
select
"
,
"
select
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
execute
"
,
"
execute
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
exec
"
,
"
exec
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
join
"
,
"
join
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
union
"
,
"
union
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
where
"
,
"
where
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
insert
"
,
"
insert
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
delete
"
,
"
delete
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
update
"
,
"
update
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
like
"
,
"
like
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
drop
"
,
"
drop
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
create
"
,
"
create
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
rename
"
,
"
rename
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
count
"
,
"
count
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
chr
"
,
"
chr
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
mid
"
,
"
mid
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
truncate
"
,
"
truncate
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
nchar
"
,
"
nchar
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
char
"
,
"
char
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
alter
"
,
"
alter
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
cast
"
,
"
cast
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
"
exists
"
,
"
exists
"
,
1
, -
1
,
1
) Str
=
Replace
(Str,
Chr
(
13
),
"
<;br>;
"
,
1
, -
1
,
1
) CheckStr
=
Replace
(Str,
"
’
"
,
"
’’
"
,
1
, -
1
,
1
)
End Function
995
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
