枫叶SQL通用防注入 V1.0 ASP版

最新推荐文章于 2024-10-14 22:01:54 发布

Junnp

最新推荐文章于 2024-10-14 22:01:54 发布

阅读量1.4k

点赞数

文章标签： asp sql insert delete url string

< %

Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx

' ---定义部份头------

Fy_Cl = 1 ' 处理方式：1=提示信息,2=转向页面,3=先提示再转向

Fy_Zx = " Error.Asp " ' 出错时转向的页面

' ---定义部份尾------

' ----------版权说明----------------

' 枫叶SQL通用防注入 V1.0 ASP版

' 本程序由枫知秋独立开发

' 有疑问或想得到最新版请联系本人

' 联系QQ:613548

' 使用时请保留本人版权信息。

' 本程序欢迎转载

On Error Resume Next

Fy_Url = Request.ServerVariables( " QUERY_STRING " )

Fy_a = split (Fy_Url, " & " )

redim Fy_Cs( ubound (Fy_a))

On Error Resume Next

for Fy_x = 0 to ubound (Fy_a)

Fy_Cs(Fy_x) = left (Fy_a(Fy_x), instr (Fy_a(Fy_x), " = " ) - 1 )

For Fy_x = 0 to ubound (Fy_Cs)

If Fy_Cs(Fy_x) <> "" Then

If Instr ( LCase (Request(Fy_Cs(Fy_x))), " ' " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " and " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " select " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " update " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " chr " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " delete%20from " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " ; " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " insert " ) <> 0 or Instr ( LCase (Request(Fy_Cs(Fy_x))), " mid " ) <> 0 Or Instr ( LCase (Request(Fy_Cs(Fy_x))), " master. " ) <> 0 Then

Select Case Fy_Cl

Case " 1 "

Response.Write " <Script Language=javascript>alert(' 出现错误！参数 " & Fy_Cs(Fy_x) & " 的值中包含非法字符串！请不要在参数中出现：;,and,select,update,insert,delete,chr 等非法字符！ by KenJoy EMail:62561@qq.com');window.close();</Script> "

Case " 2 "

Response.Write " <Script Language=javascript>location.href=' " & Fy_Zx & " '</Script> "

Case " 3 "