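<%
'==================================
'=File name:    wapls_sqlin.asp
'=Applies to:   蓝色世纪WAP网站管理系统(CMS)V1.1
'=Copyright:    http://www.wapls.com
'=Purpose:      substring blacklist over Request.Form / Request.QueryString;
'=              a hit is recorded in table wapls_SqlIn, shown to the user as
'=              a WML error card, and (for GET hits) locks the client IP out
'=              of later requests.
'=Author:       蓝色阳光
'=Released:     2007-02-01
'==================================
'
' Provided by the including page (not defined here): an open ADO
' connection `conn`, the helper `outHTM`, and the settings `sqlin_ok`
' (2 = record hits but never lock the IP) and `sqlin_ok1` (lock-out text).
'
' NOTE(review): the check below is a plain substring match on the
' lower-cased value, so "or" also rejects "password" and "and" rejects
' ordinary text. It is a coarse tripwire, not a replacement for
' parameterised queries in the pages that consume this input.
'--------Definitions---------------
Dim wapls_Post,wapls_Get,wapls_In,wapls_Inf,wapls_Xh,wapls_db,wapls_dbstr,Kill_IP,WriteSql
' Substrings to reject, separated by "|". Values are lower-cased before
' matching, so every entry must be lower-case. (wapls_db / wapls_dbstr /
' wapls_Xh are declared for compatibility; this file does not use them.)
wapls_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|truncate|char|declare|or"
Kill_IP=True      ' refuse requests from IPs marked kill_ip in wapls_SqlIn
WriteSql=True     ' record each hit in wapls_SqlIn
wapls_Inf = split(wapls_In,"|")

' Returns True when the lower-cased value contains any entry of wapls_Inf.
Function wapls_SqlIn_Matches(value)
    Dim i, lowered
    wapls_SqlIn_Matches = False
    lowered = LCase(value)
    For i=0 To Ubound(wapls_Inf)
        If Instr(lowered,wapls_Inf(i))<>0 Then
            wapls_SqlIn_Matches = True
            Exit Function
        End If
    Next
End Function

' Records one hit (unless this IP is already locked out), writes the WML
' rejection card and ends the response.
'   method - "POST" or "GET"; stored in SqlIn_FS and echoed to the user
'   param  - name of the offending request parameter
'   value  - raw submitted value of that parameter
'   lockIp - value stored in Kill_ip; forced to False when sqlin_ok=2
Sub wapls_SqlIn_Reject(method, param, value, lockIp)
    Dim ip, sql, rs
    ip = Request.ServerVariables("REMOTE_ADDR")
    If WriteSql=True Then
        ' REMOTE_ADDR is set by the server, but it is still spliced into
        ' SQL text, so double any quote character it might carry.
        sql="select * from wapls_SqlIn where Sqlin_IP='" & replace(ip,"'","''") & "' and kill_ip=true"
        set rs=server.createobject("adodb.recordset")
        rs.open sql,conn,1,3
        ' an IP that is already locked out is not recorded again
        if rs.eof or rs.bof then
            rs.addnew
            rs("Sqlin_IP")=ip
            rs("SqlIn_Web")=Request.ServerVariables("URL")
            rs("SqlIn_FS")=method
            rs("SqlIn_CS")=param
            ' kept as in the original: the stored value has its quotes
            ' doubled even though this is a field assignment, not SQL text
            rs("SqlIn_SJ")=replace(value,"'","''")
            if sqlin_ok=2 then ' filter enabled but IP locking disabled
                rs("Kill_ip")=False
            else
                rs("Kill_ip")=lockIp
            end if
            rs.update
        end if
        ' close on both paths (the original left rs open when a row existed)
        rs.close:set rs=nothing
    End If
    Response.Write "<card title=""访问出错了""><p>请不要在参数中包含非法字符尝试注入!"
    Response.Write "非法操作!系统做了如下记录↓<br/>"
    Response.Write "操作IP:"&ip&"<br/>"
    Response.Write "操作时间:"&Now&"<br/>"
    Response.Write "操作页面:"&Server.HTMLEncode(Request.ServerVariables("URL"))&"<br/>"
    Response.Write "提交方式:"&method&"<br/>"
    ' the parameter name and value are client-supplied; encode them so the
    ' rejection card cannot be used to place markup into the WML output
    Response.Write "提交参数:"&Server.HTMLEncode(param)&"<br/>"
    Response.Write "提交数据:"&Server.HTMLEncode(value)
    Response.write "<br/><anchor><prev/>返回上级</anchor></p></card></wml>"
    Response.End
End Sub

'--------POST part-----------------
If Request.Form<>"" Then
    For Each wapls_Post In Request.Form
        If wapls_SqlIn_Matches(Request.Form(wapls_Post)) Then
            ' POST hits are recorded but never lock the IP
            wapls_SqlIn_Reject "POST", wapls_Post, Request.Form(wapls_Post), False
        End If
    Next
End If
'--------GET part------------------
If Request.QueryString<>"" Then
    For Each wapls_Get In Request.QueryString
        ' the literal "<br><li>" is stripped before matching, as originally
        If wapls_SqlIn_Matches(replace(LCase(Request.QueryString(wapls_Get)),"<br><li>","")) Then
            wapls_SqlIn_Reject "GET", wapls_Get, Request.QueryString(wapls_Get), True
        End If
    Next
End If
'--------IP lock-out check---------
If Kill_IP=True Then
    Dim cur_IP,rsKill_IP,Kill_IPsql
    cur_IP=Request.ServerVariables("REMOTE_ADDR")
    Kill_IPsql="select Sqlin_IP from wapls_SqlIn where Sqlin_IP='"&replace(cur_IP,"'","''")&"' and kill_ip=true"
    set rsKill_IP=server.createobject("adodb.recordset")
    rsKill_IP.open Kill_IPsql,conn,1,1
    If Not(rsKill_IP.eof or rsKill_IP.bof) Then
        rsKill_IP.close:set rsKill_IP=nothing
        Response.write "<card title=""访问出错了!!""><p>"
        response.write outHTM(sqlin_ok1)
        Response.write "</p></card></wml>"
        Response.End
    End If
    rsKill_IP.close:set rsKill_IP=nothing
End If
%>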