<%''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''ASP通用防注入代码 '您可以把该代码COPY到头文件中.也可以单独作'为一个文件存在,每次调用使用 '作者:y3gu - 2005-7-29 'http://www.dosu.cn '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''Dim GetFlag Rem(提交方式)Dim ErrorSql Rem(非法字符) Dim RequestKey Rem(提交数据)Dim ForI Rem(循环标记)ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare" Rem(每个敏感字符或者词语请使用半角 "~" 格开)ErrorSql = split(ErrorSql,"~")If Request.ServerVariables("REQUEST_METHOD")="GET" ThenGetFlag=TrueElseGetFlag=FalseEnd IfIf GetFlag ThenFor Each RequestKey In Request.QueryStringFor ForI=0 To Ubound(ErrorSql)If Instr(LCase(Request.QueryString(RequestKey)),ErrorSql(ForI))<>0 Thenresponse.write "<script>alert(""警告: 请不要使用敏感字符"");location.href=""Sql.asp"";</script>"Response.EndEnd IfNextNext ElseFor Each RequestKey In Request.FormFor ForI=0 To Ubound(ErrorSql)If Instr(LCase(Request.Form(RequestKey)),ErrorSql(ForI))<>0 Thenresponse.write "<script>alert(""警告: 请不要使用敏感字符"");location.href=""Sql.asp"";</script>"Response.EndEnd IfNextNextEnd If%>第二个Function Checkstr(Str) If Isnull(Str) Then CheckStr = "" Exit Function End If Str = Replace(Str,Chr(0),"", 1, -1, 1) Str = Replace(Str, """", """, 1, -1, 1) Str = Replace(Str,"<;","<;", 1, -1, 1) Str = Replace(Str,">;",">;", 1, -1, 1) Str = Replace(Str, "script", "script", 1, -1, 0) Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0) Str = Replace(Str, "Script", "Script", 1, -1, 0) Str = Replace(Str, "script", "Script", 1, -1, 1) Str = Replace(Str, "object", "object", 1, -1, 0) Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0) Str = Replace(Str, "Object", "Object", 1, -1, 0) Str = Replace(Str, "object", "Object", 1, -1, 1) Str = Replace(Str, "applet", "applet", 1, -1, 0) Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0) Str = Replace(Str, "Applet", "Applet", 1, -1, 0) Str = Replace(Str, "applet", "Applet", 1, -1, 1) Str = Replace(Str, "[", "[") Str = Replace(Str, "]", "]") Str = Replace(Str, """", "", 1, -1, 1) Str = Replace(Str, "=", "=", 1, -1, 1) Str = Replace(Str, "’", "’’", 1, -1, 1) Str = Replace(Str, "select", "select", 1, -1, 1) Str = Replace(Str, "execute", "execute", 1, -1, 1) Str = Replace(Str, "exec", "exec", 1, -1, 1) Str = Replace(Str, "join", "join", 1, -1, 1) Str = Replace(Str, "union", "union", 1, -1, 1) Str = Replace(Str, "where", "where", 1, -1, 1) Str = Replace(Str, "insert", "insert", 1, -1, 1) Str = Replace(Str, "delete", "delete", 1, -1, 1) Str = Replace(Str, "update", "update", 1, -1, 1) Str = Replace(Str, "like", "like", 1, -1, 1) Str = Replace(Str, "drop", "drop", 1, -1, 1) Str = Replace(Str, "create", "create", 1, -1, 1) Str = Replace(Str, "rename", "rename", 1, -1, 1) Str = Replace(Str, "count", "count", 1, -1, 1) Str = Replace(Str, "chr", "chr", 1, -1, 1) Str = Replace(Str, "mid", "mid", 1, -1, 1) Str = Replace(Str, "truncate", "truncate", 1, -1, 1) Str = Replace(Str, "nchar", "nchar", 1, -1, 1) Str = Replace(Str, "char", "char", 1, -1, 1) Str = Replace(Str, "alter", "alter", 1, -1, 1) Str = Replace(Str, "cast", "cast", 1, -1, 1) Str = Replace(Str, "exists", "exists", 1, -1, 1) Str = Replace(Str,Chr(13),"<;br>;", 1, -1, 1) CheckStr = Replace(Str,"’","’’", 1, -1, 1) End Function 
扫一扫
1053
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
