📄 conn.asp
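<%@LANGUAGE="VBSCRIPT"%>
<%response.buffer=true%>
<%
' WinMyDNS database connection parameters. Edit these by hand for each deployment.
' NOTE(review): the credentials below are stored in plain text in a script that sits
' in the web tree. Anyone who can read this file (backup copies, source disclosure,
' a shared host) obtains them. Replace the shipped values before deployment and
' restrict file-system read access to the IIS worker identity.
'##############################################################################################
WinMyDNSDbType="0" ' Database type: 0 = Access, 1 = MSSQL
WInMyDNSAccessFile="../DB/WinMyDNS.MDB" ' Access database file, resolved with Server.MapPath below
' NOTE(review): if the DB directory is served by IIS, the .MDB file can be downloaded
' directly; confirm it is outside the site root or blocked by request filtering.
WinMyDNSDbIP = "127.0.0.1" ' WINIIS_Server database host address
WinMyDNSDbName="WinMyDNS" ' WINIIS_Server database name
WinMyDNSDbUser="sa" ' WINIIS_Server database login
' NOTE(review): "sa" is the SQL Server system-administrator login. The application
' should connect with a dedicated login limited to the WinMyDNS database.
WinMyDNSDbPass="linyang" ' WINIIS_Server database password (value published with the source; must be changed)
WinMyDNSURL="url.winmydns.com" ' Host name of the WinMyDNS URL-forwarding server
'##############################################################################################
PageCount = "100" ' presumably the rows-per-page setting used by list pages; confirm against callers
Set conn = Server.CreateObject("ADODB.Connection")
if WinMyDNSDbType ="1" then
    ' SQL Server through the SQLOLEDB provider.
    ' Persist Security Info is set to False so the password is not retained in
    ' conn.ConnectionString once the connection has been opened.
    connstr="Provider=SQLOLEDB.1; Persist Security Info=False; Data Source="&WinMyDNSDbIP&"; Initial Catalog="&WinMyDNSDbName&"; User ID="&WinMyDNSDbUser&"; Password="&WinMyDNSDbPass
else
    ' Access through the ODBC driver; the relative path is mapped to a physical path first.
    connstr="DBQ="&Server.Mappath(WInMyDNSAccessFile)&";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
end if
' The connection is opened on every request that includes this file and is left
' in the global variable conn for the including page to use.
conn.Open connstr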
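' SQL-injection filter for request parameters.
'
' Reads the request parameter named ParaName and returns its value with a fixed
' list of SQL- and command-related substrings removed. Returns "" when the
' parameter is missing or empty.
'
' Request(name) without a collection searches QueryString, Form, Cookies,
' ClientCertificate and ServerVariables in that order, so the value may come
' from a cookie as well as from the URL or a form.
'
' NOTE(review): stripping a deny-list of substrings is not a dependable defence.
' Pages that build SQL from this value should move to ADODB.Command with
' parameters, and numeric fields should be validated with IsNumeric and
' converted (CLng/CInt) before use. Treat this function as a stop-gap only.
Function SafeRequest(ParaName)
    Dim ParaValue, Blocked, Token, Previous
    ParaValue = Request(ParaName)
    If ParaValue = "" Then
        SafeRequest = ""
        Exit Function
    End If

    ' Substrings that are removed from the value.
    Blocked = Array("'", "select ", "insert ", "delete ", "count(", _
                    "drop table ", "update ", "truncate ", "asc(", "mid(", _
                    "char(", "xp_cmdshell", "exec master", _
                    "net localgroup administrators", " and ", "net user", " or ")

    ' The previous version matched lower-case text only and made a single pass.
    ' Matching is now case-insensitive (vbTextCompare), and the pass is repeated
    ' until the value stops changing, so that removing one token cannot leave
    ' another one assembled from the text on either side of it. Every pass that
    ' changes the value shortens it, so the loop always terminates.
    Do
        Previous = ParaValue
        For Each Token In Blocked
            ParaValue = Replace(ParaValue, Token, "", 1, -1, vbTextCompare)
        Next
    Loop While ParaValue <> Previous

    SafeRequest = ParaValue
    ' A commented-out variant that rejected suspicious requests instead of
    ' stripping them used to follow here; it was dead code and has been dropped.
End Function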
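' Shows mesg in a JavaScript alert box, sends the browser back one page in its
' history, and ends the response.
'
' mesg is written into a single-quoted JavaScript string literal inside a
' <script> element. The characters that can end that literal or the element
' (apostrophe, angle brackets, line breaks) are written as JavaScript escape
' sequences, so a message containing them neither breaks the generated script
' nor introduces markup or script of its own. The alert text shown is unchanged.
'
' Backslashes are passed through untouched so that callers which already embed
' JavaScript escapes such as \n in their messages keep working.
' NOTE(review): a message ending in a single backslash still produces a script
' syntax error; confirm no caller passes raw user input here.
sub PopMsg (mesg)
    Dim safeMesg
    safeMesg = mesg & ""    ' coerce Null/Empty to a string
    safeMesg = Replace(safeMesg, "'", "\x27")
    safeMesg = Replace(safeMesg, "<", "\x3C")
    safeMesg = Replace(safeMesg, ">", "\x3E")
    safeMesg = Replace(safeMesg, vbCr, "\r")
    safeMesg = Replace(safeMesg, vbLf, "\n")
%>
<script language='javascript'>
<!--
alert('<%=safeMesg%>');
history.go(-1);
-->
</script>
<%
    response.end
end sub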
%>