防网站漏洞扫描asp代码,也就是防注入的通用代码
2012-01-09 21:29:16| 分类: 默认分类 | 标签: |字号大中小 订阅
把下面的代码保存在公用文件里就可以防止注入扫描了,比方说conn.asp 里,根据多年开发的经验建议将网站后台和前台分离,后台一个conn.asp 前台一个conn.asp 前台conn.asp加如下代码
<%
Dim flashack_Post,flashack_Get,flashack_In,flashack_Inf,flashack_Xh,flashack_db,flashack_dbstr
flashack_In = "'※;※and※exec※insert※select※delete※update※count※*※%※chr※mid※master※truncate※char※declare"
flashack_Inf = split(flashack_In,"※")
If Request.Form<>"" Then
For Each flashack_Post In Request.Form
For flashack_Xh=0 To Ubound(flashack_Inf)
If Instr(LCase(Request.Form(flashack_Post)),flashack_Inf(flashack_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('flashack防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入,QQ:382601350!\n\nhttp://hi.baidu.com/liushankao339/home');</Script>"
Response.Write "非法操作!系统做了如下记录↓<br>"
Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
Response.Write "操作时间:"&Now&"<br>"
Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
Response.Write "提交方式:POST<br>"
Response.Write "提交参数:"&flashack_Post&"<br>"
Response.Write "提交数据:"&Request.Form(flashack_Post)
Response.End
End If
Next
Next
End If
If Request.QueryString<>"" Then
For Each flashack_Get In Request.QueryString
For flashack_Xh=0 To Ubound(flashack_Inf)
If Instr(LCase(Request.QueryString(flashack_Get)),flashack_Inf(flashack_Xh))<>0 Then
Response.Write "<Script Language=JavaScript>alert('flashack防注入系统提示你↓\n\n请不要在参数中包含非法字符尝试注入,QQ:382601350!\n\nhttp://hi.baidu.com/liushankao339/home');</Script>"
Response.Write "非法操作!flashack已经给你做了如下记录↓<br>"
本内容试读结束,登录后可阅读更多
下载后可阅读完整内容,剩余1页未读,立即下载