<%
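Dim db, connstr, conn
' Location of the Access database, relative to this page's directory.
' NOTE(review): Server.MapPath resolves this inside the web content tree, so unless the
' directory is blocked in IIS the .mdb itself can be requested and downloaded; keeping
' the file outside the site root (or denying it in IIS) is the usual remedy.
db = "datebase/datebase.mdb"
'on error resume next
' ODBC connection string for the Access driver; & replaces the original + (same result
' for string operands, but unambiguous).
connstr = "DBQ=" & Server.MapPath(db) & ";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
Set conn = Server.CreateObject("ADODB.CONNECTION")
' This Err check only has an effect while On Error Resume Next is active; with it
' commented out (above) a failed CreateObject stops the page before this line runs.
If Err.Number <> 0 Then
    Err.Clear
Else
    conn.Open connstr
End If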
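' Release the page-level ADODB connection opened above.
' Safe to call more than once: a connection that is already closed (State = 0,
' adStateClosed) or already released (Nothing) is skipped instead of raising an error.
Sub CloseConn()
    If Not conn Is Nothing Then
        If conn.State <> 0 Then conn.Close
    End If
    Set conn = Nothing
End Sub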
%>
<%
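' Blacklist of SQL / script fragments that must not appear in any request value.
' NOTE(review): a keyword blacklist is a mitigation of last resort - it is incomplete by
' nature and must not replace parameterised queries (ADODB.Command with parameters) in
' the code that actually talks to the database.
Dim IDCCFy_In, IDCCFy_Inf
IDCCFy_In="'|;|--|<script|<iframe|char |char(|char%|char/*|select |select%|select/*|insert |insert%|insert/*|delete |delete%|delete/*|union |union%|union/*|join |join%|join/*|drop |drop%|drop/*|declare |declare%|declare/*|update |update%|update/*|truncate |truncate%|truncate/*|create |create%|create/*|xp_cmdshell|exec |exec%|exec/*|alter |alter%|alter/*|cast |cast(|cast%|cast/*|modify |modify%|modify/*"
IDCCFy_Inf = Split(IDCCFy_In, "|")

' Scan one request collection (Form, QueryString or Cookies) for blacklisted fragments.
' coll       - the Request collection to walk
' sourceName - label written into the log line ("POST", "GET" or "Cookie")
' On the first hit the client IP, time and offending value are logged via FsoWriteLog
' and the response is ended. The alert script is still built into cuowu but, as in the
' original, is not written back, so the client receives an empty response.
' An empty collection yields no iterations, so the per-section <> "" guards of the
' original are not needed.
Sub IDCCFy_Scan(coll, sourceName)
    Dim IDCCFy_Key, IDCCFy_Xh, IDCCFy_Val, cuowu
    For Each IDCCFy_Key In coll
        ' Read the value once per key; LCase so the lower-case blacklist matches any casing.
        IDCCFy_Val = LCase(coll(IDCCFy_Key))
        For IDCCFy_Xh = 0 To UBound(IDCCFy_Inf)
            If InStr(IDCCFy_Val, IDCCFy_Inf(IDCCFy_Xh)) <> 0 Then
                ' Log the value of the *current* collection. The original GET and Cookie
                ' branches logged Request.QueryString(IDCCFy_Post) / Request.Cookies(IDCCFy_Post)
                ' - the POST loop variable - so the GET/Cookie payload was never recorded.
                Call FsoWriteLog("sqlinLog.txt", "注入IP:" & Request.ServerVariables("REMOTE_ADDR") & "----注入时间:" & Now() & "-------" & sourceName & "注入内容:" & Request.ServerVariables("HTTP_URL") & "?" & coll(IDCCFy_Key))
                cuowu = "<Script Language=JavaScript>alert('您提交的内容包含了字符[" & IDCCFy_Inf(IDCCFy_Xh) & "],请去除后重新提交...');</Script>"
                'Response.Write (cuowu)
                Response.End
            End If
        Next
    Next
End Sub

'-------- POST section ------------------
Call IDCCFy_Scan(Request.Form, "POST")
'-------- GET section -------------------
Call IDCCFy_Scan(Request.QueryString, "GET")
'-------- Cookie section ----------------
Call IDCCFy_Scan(Request.Cookies, "Cookie")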
'写入txt记录功击者IP跟功击时间
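' Append one line to a text log located under the site root (Server.MapPath("/")).
' filename    - log file name; the caller on this page passes a literal ("sqlinLog.txt").
'               It is joined straight onto the root path, so it must stay a server-side
'               constant and never be taken from the request.
' Linecontent - the line to append; CR/LF inside it are flattened to spaces so that
'               request-supplied text cannot span or forge additional log lines.
' Returns nothing (Empty); it is invoked as a procedure via Call.
' NOTE(review): the log lands inside the web content tree, so if IIS serves .txt files
' it is readable by any client - and it holds client IPs and raw request data. Prefer a
' directory outside the site root, or deny download of the file in IIS.
Function FsoWriteLog(filename, Linecontent)
    Dim FSO, Fs, logPath, oneLine
    logPath = Server.MapPath("/") & "/" & filename
    ' Keep every call on a single physical line.
    oneLine = Replace(Replace(Replace(Linecontent, vbCrLf, " "), vbCr, " "), vbLf, " ")
    Set FSO = Server.CreateObject("Scripting.FileSystemObject")
    ' 8 = ForAppending; create=True makes the original's separate "create if missing"
    ' step (CreateTextFile + Close) unnecessary.
    Set Fs = FSO.OpenTextFile(logPath, 8, True)
    Fs.WriteLine oneLine
    Fs.Close
    Set Fs = Nothing
    Set FSO = Nothing
End Function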
%>
本代码是由小弟经一位高人指点而得
贴出来给大家分享分享
祝大家兔年吉祥!