<HTML><HEAD><TITLE>ASP Anti-Injection Solution -- Enhanced Edition - http://www.koyee.com</TITLE>
<SCRIPT src="../../ips.asp"></SCRIPT>
<META http-equiv=Content-Type content="text/html; charset=gb2312">
<META http-equiv=http://www.koyee.com content=no-cache>
<META content=可以网络在线,ASP技术,.NET技术,delphi技术,JSP技术,VB技术! name=KEYWORDS>
<STYLE type=text/css>
BODY {
BACKGROUND-IMAGE: url(images/webtop_bg3.gif); MARGIN: 0px
}
.style2 {
FONT-SIZE: 12px
}
BODY {
FONT-SIZE: 12px;
COLOR: #333333;
background-image: url();
}
TD {
FONT-SIZE: 12px; COLOR: #333333
}
TH {
FONT-SIZE: 12px; COLOR: #333333
}
A:link {
COLOR: #333333; LINE-HEIGHT: normal; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:visited {
COLOR: #cc3399; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:hover {
COLOR: #cc66ff; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
A:active {
COLOR: #ff9999; FONT-STYLE: normal; FONT-FAMILY: "宋体"; TEXT-DECORATION: none
}
.style4 {color: #FFFFFF}
.style5 {color: #000000}
.style6 {color: #FF0000}
.style7 {
color: #FF0000;
font-size: 16px;
font-weight: bold;
}
</STYLE></head>
<script language="JavaScript">
var timerID = null;
var timerRunning = false;
function stopclock (){
if(timerRunning)
clearTimeout(timerID);
timerRunning = false;}
function startclock () {
stopclock();
showtime();}
function showtime () {
var now = new Date();
var year = now.getYear();
var month = now.getMonth()+1;
var day = now.getDate();
var hours = now.getHours();
var minutes = now.getMinutes();
var seconds = now.getSeconds()
var timeValue =year +"年"
timeValue += month+"月"
timeValue += day+"日 "
timeValue += "" +((hours >= 12) ? "下午 " : "上午 " )
timeValue += ((hours >12) ? hours -12 :hours)
timeValue += ((minutes < 10) ? ":0" : ":") + minutes
timeValue += ((seconds < 10) ? ":0" : ":") + seconds
liveclock.innerHTML=timeValue
timerID = setTimeout("showtime()",1000);
timerRunning = true;}
</script>
<body onload="startclock()">
<TABLE height=25 cellSpacing=0 cellPadding=0 width="800"
align=center border=0>
<TBODY>
<TR>
<td width="624" bgcolor="#CCCCCC">Current location: <a href=../../index.htm>Home</a>--><a href=../../artical/69/1.htm>Programming</a>--><a href=../../artical/80/1.htm>ASP Section</a>-->Article</td><td width="176" bgcolor="#CCCCCC"><span id="liveclock"></span></td>
</TR></TBODY></TABLE>
<table width="800" height="406" border="1" align="center" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF">
<tr>
<td width="628" valign="top" scope="col"><table width="100%" border="0" align="center" cellspacing="0" cellpadding="5" bordercolordark="#FFFFFF" bordercolorlight="#000000" style="word-break:break-all;">
<tr>
<td width="100%">
</td>
</tr>
<tr>
<td width="100%">
<div align="center">
<p class="style7"><SPAN class=style1>ASP Anti-Injection Solution -- Enhanced Edition</SPAN></p>
<hr size="1" color="#0a778b" width="100%">
Published: 2005-4-1 Views: <SCRIPT src="../../counter.asp?id=492"></SCRIPT> Author: 断剑
</div>
</td>
</tr>
<tr>
<td width="100%"><pre class="style6">
&lt;%
'ASP anti-injection solution
'Handling of special pages
'Some pages are submitted as a stream (for example forms that upload files),
'so simply enumerating the Form collection on those pages raises an error.
'Such pages must be excluded from the Form scan, and the page itself must call N_sql("string to check") instead.
'垃圾猪 zero@new57.com
'http://blog.csdn.net/cfaq

'Include this file at the top of every page so that all pages run it, e.g. include it from conn.asp.
'If a page uses streaming uploads, add it to the "page" table to avoid a Form collection conflict.

Dim N_no,N_noarray,req_Qs,req_F,N_i,N_dbstr,Conn,N_rs,N_userIP,N_thispage
N_userip = Request.ServerVariables("REMOTE_ADDR")
N_thispage = LCase(Request.ServerVariables("URL"))

N_no = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" 'edit this list of strings treated as injection attempts as needed
N_noarray = split(LCase(N_no),"|")

Call DBopen()
Call N_check_Qs()
Call N_checkPage()
Call DBCLose()

'If the current page is not listed in the "page" table of special pages, call N_check_form()
sub N_checkPage()
    set N_rs = server.CreateObject("ADODB.RecordSet")
    N_rs.open "select * from page where spcpage like '%"&N_thispage&"%'",conn,1,1
    if (N_rs.eof AND N_rs.Bof) then
        Call N_check_form()
    end if
    N_rs.Close()
    set N_rs = nothing
end sub

'Check a given string (used by pages excluded from the Form scan)
sub N_sql(agsql)
    'This path is not logged to the database; change N_regsql if you want it logged
    N_check "CUS",agsql,"OTHER"
end sub

'Check Request.Form
sub N_check_form()
    If Request.Form&lt;&gt;"" Then
        For Each req_F In Request.Form
            N_check req_F,Request.Form(req_F),"POST"
        Next
    end if
end sub

'Check Request.QueryString
sub N_check_Qs()
    If Request.QueryString&lt;&gt;"" Then
        For Each req_Qs In Request.QueryString
            N_check req_Qs,Request.QueryString(req_Qs),"GET"
        Next
    end if
end sub

'Check one value against the blacklist (case-insensitive substring match)
sub N_check(ag,agsql,sqltype)
    For N_i=0 To Ubound(N_noarray)
        If Instr(LCase(agsql),N_noarray(N_i))&lt;&gt;0 Then
            call N_regsql(ag,agsql,sqltype)
        end if
    Next
end sub

'Double single quotes so an untrusted value stays data inside a quoted SQL literal
Function N_esc(s)
    N_esc = Replace(s,"'","''")
End Function

'Log the attempt and stop output
'ag      parameter name
'agsql   parameter value
'sqltype request type (GET, POST or OTHER)
sub N_regsql(ag,agsql,sqltype)
    if(sqltype&lt;&gt;"OTHER") then
        Conn.Execute("insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&N_userip&"','"&N_esc(N_thispage)&"','"&sqltype&"','"&N_esc(ag)&"','"&N_esc(agsql)&"')")
    end if
    Response.Write "&lt;Script Language=JavaScript&gt;alert('请不要在参数中包含非法字符尝试注入!');&lt;/Script&gt;"
    Response.Write "&lt;span style='font-size:12px'&gt;非法操作!系统做了如下记录↓&lt;br&gt;"
    Response.Write "操作IP:"&N_userip&"&lt;br&gt;"
    Response.Write "操作时间:"&Now&"&lt;br&gt;"
    Response.Write "操作页面:"&Server.HTMLEncode(N_thispage)&"&lt;br&gt;"
    Response.Write "提交方式:"&sqltype&"&lt;br&gt;"
    'HTML-encode the echoed name and value: they are attacker-controlled input
    Response.Write "提交参数:"&Server.HTMLEncode(ag)&"&lt;br&gt;"
    Response.Write "提交数据:"&Server.HTMLEncode(agsql)&"&lt;/span&gt;"
    Response.end
end sub

Sub DBopen()
    N_dbstr="DBQ="+server.mappath("Sql.mdb")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
    Set Conn=Server.CreateObject("ADODB.CONNECTION")
    Conn.open N_dbstr
end SUB

Sub DBCLose()
    Conn.close
    Set Conn = Nothing
End sub
%&gt;
</pre>
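<p>As an added example (not the page's or the author's code), this Python port of the page's N_check substring test shows what the token list matches on constructed request parameters, including a legitimate value ("account_mgr") that trips the "count" token, and rewrites the SqlIn logging INSERT with bound parameters so a flagged value containing a quote is stored as data and cannot alter the logging statement. The token list, table name and column names are the page's; the parameter values, client IP and page path are constructed.</p>

```python
import sqlite3

# Token list copied from the page's N_no, split and lower-cased like N_noarray
N_NO = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
N_NOARRAY = N_NO.lower().split("|")

def n_check(value):
    """Port of the page's N_check: Instr(LCase(agsql), token) <> 0 is a plain
    substring test, so return the first token found in the value, or None."""
    low = value.lower()
    for tok in N_NOARRAY:
        if tok in low:
            return tok
    return None

def check_request(params):
    """Stand-in for N_check_Qs over a dict of query parameters (constructed input,
    not a real Request.QueryString); returns {name: matched token} for each hit."""
    hits = {}
    for name, val in params.items():
        tok = n_check(val)
        if tok is not None:
            hits[name] = tok
    return hits

def n_regsql(conn, ip, page, sqltype, name, value):
    """The page's SqlIn logging INSERT written with bound parameters instead of
    string concatenation: a flagged value containing a quote is stored verbatim
    and cannot become part of the statement. Column names are the page's."""
    conn.execute(
        "insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values(?,?,?,?,?)",
        (ip, page, sqltype, name, value),
    )
    return conn.execute("select SqlIn_SJ from SqlIn where SqlIn_CS=?", (name,)).fetchone()[0]

def demo():
    """Scan constructed parameters and log each hit to an in-memory SqlIn table;
    returns the hits and the logged values read back from the table."""
    params = {"id": "42", "user": "account_mgr", "q": "O'Brien"}  # constructed sample
    conn = sqlite3.connect(":memory:")
    conn.execute("create table SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ)")
    hits = check_request(params)  # the benign user name also trips the "count" token
    logged = {n: n_regsql(conn, "127.0.0.1", "/news.asp", "GET", n, params[n]) for n in hits}
    return hits, logged

if __name__ == "__main__":
    print(demo())
```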
<p><img src="http://www.koyee.com/images/dgg.gif" height="70" width="587"> </p></td>
</tr>
<tr>
<td width="628" bordercolor="0" class="font1"><p>
<hr size="1" color="#0a778b" width="100%">
<p></p></td>
</tr>
</table></td>
</tr>
</table>
<TABLE height=62 cellSpacing=0 cellPadding=0 width="800"
align=center background=../../images/webtop_bg.gif
border=0>
<TBODY>
<TR>
<TD><div align="center" class="style4">Copyright @ 2004-2008 http://www.koyee.com 可以网络在线. All rights reserved.<br>
Company address: Nanchang, Jiangxi  Tel: 13879173467  Postcode: 330029<br>
email:chenxueyan9999@163.com</div></TD>
</TR></TBODY></TABLE>
</BODY></HTML>