A strong anti-SQL-injection script that I collected a long time ago. It works very well — otherwise I would not be sending it to everyone!
Program code
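<%
' Anti-injection filter (classic ASP / VBScript).
'
' Scans the raw query string and the reconstructed request URL for a fixed
' list of substrings.  On a hit the request is logged once per session and
' then aborted with a JavaScript alert that sends the browser back to the
' forum index.
'
' NOTE(review): a substring blocklist is a last-resort mitigation only.  It
' inspects just the query string and URL (form fields and cookies are not
' covered), several entries ("@", "%20", "mid", "asc", "count", "char",
' "create", "select", "script") also occur in ordinary input and will block
' legitimate requests, and it does not replace parameterised queries
' (ADODB.Command parameters) in the pages that actually touch the database.
Dim bqs, berrc, biii, burl

' Raw, undecoded query string exactly as received.  This is both what the
' blocklist is matched against and what is echoed back to the client below.
bqs = Request.ServerVariables("QUERY_STRING")

' Rebuild the absolute URL of the current request: scheme, host, port, path, query.
If Request.ServerVariables("HTTPS") = "off" Then
    burl = "http://"
Else
    burl = "https://"
End If
burl = burl & Request.ServerVariables("SERVER_NAME")
' Append the port only when it is not the default for the scheme.  The
' original compared the (string) SERVER_PORT against the number 80, so https
' URLs always carried ":443"; a string comparison avoids relying on Variant
' coercion rules.
Dim bport
bport = CStr(Request.ServerVariables("SERVER_PORT"))
If Not ((bport = "80" And Left(burl, 7) = "http://") Or (bport = "443" And Left(burl, 8) = "https://")) Then
    burl = burl & ":" & bport
End If
burl = burl & Request.ServerVariables("URL")
If Request.QueryString <> "" Then burl = burl & "?" & Request.QueryString
'burl = Request.ServerVariables("URL")

' Substrings that mark a request as hostile.  The list is kept as published;
' matching is case-insensitive (vbTextCompare below), so the mixed casing of
' the entries and the case-only duplicates (7/35, 11/42, 44/50) no longer
' matter.  Entries that arrived garbled in the listing are marked.
Dim bnothis(61)
bnothis(0)  = "net user"
bnothis(1)  = "@a"
bnothis(2)  = "/add"
bnothis(3)  = "exec%20master.dbo.xp_cmdshell"
bnothis(4)  = "net localgroup administrators"
bnothis(5)  = "select"
bnothis(6)  = "count"
bnothis(7)  = "asc"
bnothis(8)  = "char"
bnothis(9)  = "mid"
bnothis(10) = "cscript.exe"
bnothis(11) = "declare"
bnothis(12) = "insert"
bnothis(13) = "delete"
bnothis(14) = "drop"
bnothis(15) = "truncate"
bnothis(16) = "wscript.shell"
bnothis(17) = "%20"
bnothis(18) = ""   ' empty in the listing; an empty pattern makes InStr return 1 for every non-empty string, so empty entries are skipped in the loop below
bnothis(19) = "script"
bnothis(20) = "system32"
bnothis(21) = "cmdshell"
bnothis(22) = "sysadmin"
bnothis(23) = "serveradmin"
bnothis(24) = "setupadmin"
bnothis(25) = "securityadmin"
bnothis(26) = "diskadmin"
bnothis(27) = "bulkadmin"
bnothis(28) = "exec master.dbo.sp_addlogin"
bnothis(29) = "exec master.dbo.sp_password"
bnothis(30) = "exec master.dbo.sp_addsrvrolemember"
bnothis(31) = "create"
bnothis(32) = "exec xp_reg"
bnothis(33) = "backup"
bnothis(34) = "net localgroup administrators"   ' listing reads "administic"; assumed truncation of entry 4 — confirm
bnothis(35) = "asc"
bnothis(36) = "+dir+"
bnothis(37) = "drop table"
bnothis(38) = "exec master.dbo."   ' listing reads "master.dboard"; "master.dbo." assumed — confirm
bnothis(39) = "master.dbo."        ' same as above
bnothis(40) = "master.dbo.xp_regwrite"
bnothis(41) = "master.dbo.sysdatabases"
bnothis(42) = "declare"
bnothis(43) = "exec sp_oacreate"
bnothis(44) = "exec sp_oamethod"
bnothis(45) = "xp_"
bnothis(46) = "sp_"
bnothis(47) = "%2B"
bnothis(48) = "%5C"
bnothis(49) = "@"
bnothis(50) = "sp_oamethod"
bnothis(51) = "sp_oasetproperty"
bnothis(52) = "sp_oastop"
bnothis(53) = "xp_regaddmultistring"
bnothis(54) = "xp_regdeletekey"
bnothis(55) = "xp_regdeletevalue"
bnothis(56) = "xp_regenumvalues"
bnothis(57) = "xp_regread"
bnothis(58) = "xp_regremovemultistring"   ' listing reads "xp_regremovemultistic"
bnothis(59) = "xp_regwrite"
bnothis(60) = "insert into"
bnothis(61) = ".txt"

' berrc becomes True as soon as any non-empty pattern occurs in the query
' string or the URL.  InStr's default comparison is binary (case-sensitive);
' vbTextCompare is passed explicitly so casing does not matter.
berrc = False
For biii = 0 To UBound(bnothis)
    If Len(bnothis(biii)) > 0 Then
        If InStr(1, bqs, bnothis(biii), vbTextCompare) <> 0 _
           Or InStr(1, burl, bnothis(biii), vbTextCompare) <> 0 Then
            berrc = True
            Exit For
        End If
    End If
Next

If berrc Then
    Dim validEntry
    Dim fso, ts, myFileName
    Dim strTime, strIP, strWords, strUser, strPort

    ' Client address and port are needed for the alert on every hit, not only
    ' the logged one, so they are gathered before the once-per-session gate.
    ' (In the original they were set inside that gate and were empty in the
    ' alert for the second and later hits of a session.)
    strIP = Request.ServerVariables("REMOTE_ADDR") & ""
    If strIP = "" Then
        ' X-Forwarded-For is supplied by the client or an upstream proxy and
        ' is not trustworthy on its own; it is used only as a fallback for
        ' display and logging, never as a key for blocking.
        strIP = Request.ServerVariables("HTTP_X_FORWARDED_FOR") & ""
    End If
    strPort = Request.ServerVariables("REMOTE_PORT")

    ' Log only the first hit per session; later hits are still blocked but not
    ' written.  NOTE(review): the marker name "login" is generic — if the
    ' application sets its own Session("login") at sign-in, hits from signed-in
    ' users would never be logged; confirm against the rest of the site.
    validEntry = True
    If Not IsEmpty(Session("login")) Then validEntry = False

    If validEntry Then
        Const ForAppending = 8
        Const CreateIfMissing = True
        ' NOTE(review): this path resolves inside the web root, so the log
        ' (attack strings, client IPs, user agents) is downloadable by anyone
        ' who requests /visited_forum.txt.  Move it outside the site tree or
        ' deny it in IIS.
        myFileName = Server.MapPath("/visited_forum.txt")
        Set fso = Server.CreateObject("Scripting.FileSystemObject")
        Set ts = fso.OpenTextFile(myFileName, ForAppending, CreateIfMissing)

        strWords = Request.ServerVariables("QUERY_STRING")
        strTime = Now()
        strUser = Request.ServerVariables("HTTP_USER_AGENT")

        ' Write current information to the log text file.  Client-controlled
        ' values are folded onto one line so a request cannot forge extra
        ' log records.
        ts.WriteLine "Attacker details:"
        ts.WriteLine "Attacker IP address: " & OneLine(strIP)
        ts.WriteLine "Attacker port: " & strPort
        ts.WriteLine "Client machine environment: " & OneLine(strUser)
        ts.WriteLine "Attack time: " & strTime
        ts.WriteLine "Attack page: " & OneLine(burl)
        ts.WriteLine "Attack statement: " & OneLine(strWords)
        ts.WriteLine "--------------------------------------------------------------------------------------------------------------------------------------"
        ts.WriteLine
        ' Session marker so the next hit in this session is not logged again.
        Session("login") = "yes"
        ' Close the stream explicitly (the original relied on garbage collection).
        ts.Close
        Set ts = Nothing
        Set fso = Nothing
    End If

    ' The offending input and the client address are echoed into a JavaScript
    ' string literal inside a <script> block.  Both are client-controlled, so
    ' they are escaped with JsEscape first; writing them raw (as the original
    ' did) is a reflected XSS in the filter itself.
    Response.Write "<script language=javascript>alert('System prompt ↓\n\n" & _
        "Please do not enter illegal characters [" & JsEscape(bqs) & "] to try!\n\n" & _
        "Your IP [" & JsEscape(strIP & ":" & strPort) & "] will be banned!\n\n" & _
        "If you have any questions, please contact the administrator QQ: xxxxxx');" & _
        "top.location.href='/forum/index.asp';</script>"
    Response.End
End If

' Escape a value for use inside a single-quoted JavaScript string literal that
' is emitted in an HTML <script> block: backslash and both quote characters
' are backslash-escaped, CR/LF become \r and \n, and "<" / ">" become \x3c /
' \x3e so the value can never terminate the enclosing <script> element.
' Returns the escaped string; Empty/Null input is treated as "".
Function JsEscape(s)
    Dim r
    r = s & ""
    r = Replace(r, "\", "\\")
    r = Replace(r, "'", "\'")
    r = Replace(r, """", "\""")
    r = Replace(r, vbCr, "\r")
    r = Replace(r, vbLf, "\n")
    r = Replace(r, "<", "\x3c")
    r = Replace(r, ">", "\x3e")
    JsEscape = r
End Function

' Collapse CR and LF to spaces so a client-supplied value occupies exactly one
' log line.  Returns the flattened string; Empty/Null input is treated as "".
Function OneLine(s)
    OneLine = Replace(Replace(s & "", vbCr, " "), vbLf, " ")
End Function
%>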