本人是某公司的网站管理员,为了加强网站安全性能,需要过滤页面间传值以防止非法用户攻击,于是曾一度在网上找相关的ASP过滤代码,发现有一个safe3的ASP过滤代码很流行,可是本人对其代码进行了一番修改,不当之处请大家提出
修改后代码如下:
<%
'Code by safe3
On Error Resume Next
if request.querystring<>"" then call stophacker(split(request.querystring,"&"),":Request.QueryString","'|(and|or)\b.+?(>|<|=|in|like)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Form<>"" then call stophacker(split(request.Form,"&"),":Request.Form","\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)|'")
if request.Cookies<>"" then call stophacker(split(request.Cookies,";"),":Request.Cookies","\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)|'")
ms()
function stophacker(values,str,re)
dim l_get,l_get1, l_get2,n_get,regex,IP
for each n_get in values
n_get=split(n_get,"=")
for each l_get in n_get
l_get1= l_get
l_get2 = URLDecode(l_get)
set regex = new regexp
regex.ignorecase = true
regex.global = true
regex.pattern = re
if regex.test(l_get1) or regex.test(l_get2) then
IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IP = "" Then
IP=Request.ServerVariables("REMOTE_ADDR")
end if
slog("<br><br>操作IP: "&ip&"<br>操作时间: " & now() & "<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式: "&Request.ServerVariables("Request_Method")&str&"<br>提交数据: "&l_get1&"<br>解码数据: "&l_get2)
Response.Write "360websec notice:Illegal operation!"
Response.end
end if
set regex = nothing
next
next
end function
sub slog(logs)
dim toppath,fs,Ts
toppath = Server.Mappath("/log.htm")
Set fs = CreateObject("scripting.filesystemobject")
If Not Fs.FILEEXISTS(toppath) Then
Set Ts = fs.createtextfile(toppath, True)
Ts.close
end if
Set Ts= Fs.OpenTextFile(toppath,8)
Ts.writeline (logs)
Ts.Close
Set Ts=nothing
Set fs=nothing
end sub
sub ms()
dim path,fs
path = Server.Mappath("update360.asp")
Set fs = CreateObject("scripting.filesystemobject")
If Fs.FILEEXISTS(path) Then
Response.Write "请重命名升级文件update360.asp防止黑客利用"
Response.End
end if
Set fs=nothing
end sub
Function URLDecode(enStr)
dim deStr
dim c,i,v
deStr=""
for i=1 to len(enStr)
c=Mid(enStr,i,1)
if c="%" then
v=eval("&h"+Mid(enStr,i+1,2))
if v<128 then
deStr=deStr&chr(v)
i=i+2
else
if isvalidhex(mid(enstr,i,3)) then
if isvalidhex(mid(enstr,i+3,3)) then
v=eval("&h"+Mid(enStr,i+1,2)+Mid(enStr,i+4,2))
deStr=deStr&chr(v)
i=i+5
else
v=eval("&h"+Mid(enStr,i+1,2)+cstr(hex(asc(Mid(enStr,i+3,1)))))
deStr=deStr&chr(v)
i=i+3
end if
else
destr=destr&c
end if
end if
else
if c="+" then
deStr=deStr&" "
else
deStr=deStr&c
end if
end if
next
URLDecode=deStr
end function
function isvalidhex(str)
isvalidhex=true
str=ucase(str)
if len(str)<>3 then isvalidhex=false:exit function
if left(str,1)<>"%" then isvalidhex=false:exit function
c=mid(str,2,1)
if not (((c>="0") and (c<="9")) or ((c>="A") and (c<="Z"))) then isvalidhex=false:exit function
c=mid(str,3,1)
if not (((c>="0") and (c<="9")) or ((c>="A") and (c<="Z"))) then isvalidhex=false:exit function
end function
%>
436
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
