asp防注入代码 过滤 get post cookies
2009-08-18 15:15
393 查看
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa ,bb
On Error Resume Next
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|script|iframe|char|set|(*)"
aa="heike.txt" '------------------------------------------如入侵记录保存文件
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cookies'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "您提交参数中包含非法字符--"+replace(bb,"(*)","'")+" 尝试注入,我们已经记录您的提交记录以及ip,数据被保存并提交到网络110系统! "
Response.Write "<br><hr>"
Response.End
end Sub
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/jsglzj/archive/2009/03/08/3969648.aspx
On Error Resume Next
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|script|iframe|char|set|(*)"
aa="heike.txt" '------------------------------------------如入侵记录保存文件
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3=now()&" "&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cookies'+'"& Fy_Inf(Fy_Xh) &"'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","(*)")&""
bb=Fy_Inf(Fy_Xh)
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "您提交参数中包含非法字符--"+replace(bb,"(*)","'")+" 尝试注入,我们已经记录您的提交记录以及ip,数据被保存并提交到网络110系统! "
Response.Write "<br><hr>"
Response.End
end Sub
本文来自CSDN博客,转载请标明出处:http://blog.csdn.net/jsglzj/archive/2009/03/08/3969648.aspx
相关文章推荐
- asp防注入代码 过滤 get post cookies
- asp get和post数据接收过滤
- 黑马程序员之ASP.NET学习笔记:GET与POST的区别
- moon 8. URL重写 及 程序提交时 POST与GET请求 在代码上的区别
- sql注入之GET/POST注入
- Asp.net MVC——httppost与httpget注意事项
- ASP.NET中get方法和post方法的区别
- 通用ASP Sql防注入代码
- Android例子—HttpURLConnection发送POST、GET请求代码示例
- asp.net获取传值get和post请求
- php过滤所有恶意字符(批量过滤post,get敏感数据)
- php中get,post,cookies,session的反斜杠问题
- httpClient Post例子,Http 四种请求访问代码 HttpGet HttpPost HttpPut HttpDelete
- [ASP.NET] Http协议GET与POST
- asp.net GET 和 POST 的用法
- asp.net 中表单传值的Get和Post 的用法简介
- asp.net中Get与Post请求的区别
- [转]使用依赖关系注入在 ASP.NET Core 中编写干净代码