简单的asp防注入代码

最新推荐文章于 2016-11-09 14:29:57 发布

Mr.Gu

最新推荐文章于 2016-11-09 14:29:57 发布

阅读量109

点赞数

原文链接：http://www.cnblogs.com/Safe3/archive/2008/12/19/1358686.html

版权

Dim XH_Post,XH_Get,XH_Cookie,XH_In,XH_Inf,XH_Xh

XH_Inf = split(XH_In,"|")

'--------POST部份------------------
If Request.Form<>"" Then
For Each XH_Post In Request.Form

For XH_Xh=0 To Ubound(XH_Inf)
If Instr(LCase(Request.Form(XH_Post)),XH_Inf(XH_Xh))<>0 Then

slog(" 操作ip："&Request.ServerVariables("REMOTE_ADDR")&" 操作时间："&Now&" 操作页面："&Request.ServerVariables("URL")&" 提交方式：POST 提交参数："&XH_Post&" 提交数据："&Request.Form(XH_Post))
Response.Write "非法操作"
Response.End
End If
Next
Next
End If
'----------------------------------

'--------GET部份-------------------
If Request.QueryString<>"" Then
For Each XH_Get In Request.QueryString

For XH_Xh=0 To Ubound(XH_Inf)
If Instr(LCase(Request.QueryString(XH_Get)),XH_Inf(XH_Xh))<>0 Then

slog(" 操作ip："&Request.ServerVariables("REMOTE_ADDR")&" 操作时间："&Now&" 操作页面："&Request.ServerVariables("URL")&" 提交方式：GET 提交参数："&XH_Get&" 提交数据："&Request.QueryString(XH_Get))
Response.Write "非法操作"
Response.End
End If
Next
Next
End If
'----------------------------------

'--------COOKIE部份-------------------
If Request.Cookies<>"" Then
For Each XH_Cookie In Request.Cookies

For XH_Xh=0 To Ubound(XH_Inf)
If Instr(LCase(Request.Cookies(XH_Cookie)),XH_Inf(XH_Xh))<>0 Then

slog(" 操作ip："&Request.ServerVariables("REMOTE_ADDR")&" 操作时间："&Now&" 操作页面："&Request.ServerVariables("URL")&" 提交方式：Cookie 提交参数："&XH_Cookie&" 提交数据："&Request.Cookies(XH_Cookie))
Response.Write "非法操作"
Response.End
End If
Next
Next
End If

sub slog(logs)
        Dim toppath,fs,Ts,Errorlog
        toppath = Server.Mappath("/log.htm")
                                Set fs = CreateObject("scripting.filesystemobject")
                                If Not Fs.FILEEXISTS(toppath) Then
                                    Set Ts = fs.createtextfile(toppath, True)
                                    Ts.close
                                end if
                                Set Ts= Fs.OpenTextFile(toppath,1)
                                    Do While Not Ts.AtEndOfStream
                                             Errorlog = Errorlog & Ts.ReadLine & chr(13) & chr(10)
                                    loop
                                    Ts.close
                                    Errorlog =Errorlog & logs
                                    Set Ts= Fs.OpenTextFile(toppath,2)
                                    Ts.writeline (Errorlog)
                                    Ts.Close
end sub

转载于:https://www.cnblogs.com/Safe3/archive/2008/12/19/1358686.html

Mr.Gu

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
简单的asp防注入代码

<%Dim XH_Post,XH_Get,XH_Cookie,XH_In,XH_Inf,XH_XhXH_In = "'|;|*|and|union|declare|exec|insert|select|update|delete%20from|drop%20table|create%20table"XH_Inf = split(XH_In,"|")'--------POST部...
复制链接

扫一扫