<%
'--------版权说明------------------
'SQL通用防注入程序 完美版
'--------定义部份------------------
Dim
Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,alerts
'自定义需要过滤的字串,用 "|"
分隔
Fy_In =
"'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or"
'----------------------------------
%>
<%
Fy_Inf = split(Fy_In,"|")
'--------POST部份------------------
If
Request.Form<>"" Then
For Each Fy_Post In Request.Form
For
Fy_Xh=0 To Ubound(Fy_Inf)
If
Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
'--------写入数据库--头--------
Conn.Execute("insert into
evset_NoHackSql(Sqlin_IP,SqlIn_Web,SqlIn_TIME,SqlIn_FS,SqlIn_CS,SqlIn_SJ)
values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','"&now&"','POST','"&Fy_Post&"','"&replace(Request.Form(Fy_Post),"'","''")&"')")
Conn.close
Set Conn = Nothing
'--------写入数据库--尾--------
call e_alert()
End If
Next
Next
End If
'--------GET部份-------------------
If Request.QueryString<>""
Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To
Ubound(Fy_Inf)
If
Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
'--------写入数据库--头--------
Conn.Execute("insert into
evset_NoHackSql(SqlIn_IP,SqlIn_Web,SqlIn_TIME,SqlIn_FS,SqlIn_CS,SqlIn_SJ)
values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','"&now&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
Conn.close
Set Conn = Nothing
'--------写入数据库--尾--------
call e_alert()
End If
Next
Next
End If
'--------cookies部份-------------------
If Request.Cookies<>""
Then
For Each Fy_Get In Request.Cookies
For Fy_Xh=0 To
Ubound(Fy_Inf)
If
Instr(LCase(Request.Cookies(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
'--------写入数据库--头--------
Conn.Execute("insert into
evset_NoHackSql(SqlIn_IP,SqlIn_Web,SqlIn_TIME,SqlIn_FS,SqlIn_CS,SqlIn_SJ)
values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','"&now&"','Cookies','"&Fy_Get&"','"&replace(Request.Cookies(Fy_Get),"'","''")&"')")
Conn.close
Set Conn = Nothing
'--------写入数据库--尾--------
call e_alert()
End If
Next
Next
End If
Sub e_alert()
alerts = "<"&"Script
Language=JavaS
alerts = alerts &
"alert('请不要试图攻击本站,我们已经记录下你的信息!\n\nhttp://"&Request.ServerVariables("HTTP_HOST")&"/\n\nBy:若寒(X.L.B)
QQ:343576462');window.opener=null; window.close();"
alerts = alerts &
"<"&"/Script"&">"
Response.Write alerts
Response.End
end Sub
%>
发表评论