強力防SQL注入,很久之前收集的,非常不錯,不然也不會發給大家,呵呵!(審閱提示:這是基於關鍵字黑名單的 URL 過濾,只檢查查詢字串、不檢查 POST 資料與 Cookie,且 InStr 預設區分大小寫,容易被繞過,也容易誤攔正常請求;它只能當作輔助手段,不能取代參數化查詢。另外本文貼出的程式碼字串引號已遺失,直接複製無法執行。)
程序代碼
<%
' Blacklist-based "anti-injection" filter for classic ASP (VBScript), meant to be
' included at the top of a page.
'
' NOTE(review): the string delimiters (") appear to have been lost when this
' listing was pasted - e.g. request.servervariables(query_string), bUrl = http://,
' strip=... & - so the code as shown will not run; every literal below has to be
' re-quoted against the original before use.
'
' What the visible code does:
'   1. reads the raw query string (bqs) and rebuilds the absolute request URL (burl);
'   2. scans both with InStr for every substring in bnothis();
'   3. on any hit, appends request details to /visited_forum.txt (only once per
'      session, gated by Session(LogIn)), then writes a JavaScript alert that
'      redirects to /forum/index.asp and calls Response.End.
'
' Reviewer caveats (all grounded in this listing):
'   - This is keyword blacklisting, not a substitute for parameterised queries.
'     InStr with its default binary compare is case-sensitive - which is why the
'     list repeats asc/Asc, declare/DECLARE, sp_oamethod/Sp_OAMethod - so any
'     mixed-case spelling not listed passes. Only QUERY_STRING and the URL are
'     scanned; POST bodies, cookies and headers are never looked at.
'   - Entries such as count, mid, char, create, backup, @, %20, .txt and select
'     occur in ordinary input, so legitimate requests will be blocked.
'   - bnothis(18) is empty as shown. If it really is "", InStr(burl, "") returns 1
'     and EVERY request is flagged; most likely a lost literal - confirm against
'     the original.
'   - The blocking response echoes bqs unescaped inside alert('...') (see the
'     Response.Write near the end). Nothing in the list blocks a single quote, so
'     the filter itself reflects attacker-controlled input into script context.
'   - The log file is placed under the web root (Server.MapPath(/visited_forum.txt))
'     and stores the raw query string and User-Agent unsanitised; on a typical
'     IIS setup a .txt under the site root is downloadable by anyone.
'   - The alert tells the user their IP "will be banned", but nothing in this
'     listing bans anything; it only logs.
'Anti-injection system
dim bqs,berrc,biii,burl
' Raw (still URL-encoded) query string; this is what gets scanned and echoed.
bqs=request.servervariables(query_string)
' Rebuild the absolute URL of the current request: scheme, host, port, path, query.
If Request.ServerVariables(HTTPS) = off Then bUrl = http:// Else bUrl = https:// End If
bUrl = bUrl & Request.ServerVariables(SERVER_NAME)
' Appends the port for anything other than 80 - including 443 on an HTTPS request.
If Request.ServerVariables(SERVER_PORT) <> 80 Then bUrl = bUrl &:& Request.ServerVariables(SERVER_PORT) End If
bUrl = bUrl & Request.ServerVariables(URL)
If Request.QueryString <> Then bUrl = bUrl & ? & Request.QueryString End If
'burl=Request.ServerVariables(URL)
' Substring blacklist, 62 entries (indices 0..61). Matching is a plain case-sensitive
' InStr, so near-duplicates differing only in case are separate entries on purpose.
dim bnothis(61)
bnothis(0)=net user
bnothis(1)=@a
bnothis(2)=/add
bnothis(3)=exec%20master.dbo.xp_cmdshell
bnothis(4)=net localgroup administrators
bnothis(5)=select
bnothis(6)=count
bnothis(7)=asc
bnothis(8)=char
bnothis(9)=mid
bnothis(10)=cscript.exe
bnothis(11)=declare
bnothis(12)=insert
bnothis(13)=delete
bnothis(14)=drop
bnothis(15)=truncate
bnothis(16)=wscript.shell
' %20 (an encoded space) in the query string is enough to trigger the block.
bnothis(17)=%20
' NOTE(review): empty as shown - see the header comment; verify the original literal.
bnothis(18)=
bnothis(19)=script
bnothis(20)=system32
bnothis(21)=CmdShell
bnothis(22)=sysadmin
bnothis(23)=serveradmin
bnothis(24)=setupadmin
bnothis(25)=securityadmin
bnothis(26)=diskadmin
bnothis(27)=bulkadmin
bnothis(28)=exec master.dbo.sp_addlogin
bnothis(29)=exec master.dbo.sp_password
bnothis(30)=exec master.dbo.sp_addsrvrolemember
bnothis(31)=create
bnothis(32)=exec xp_reg
bnothis(33)=backup
' Duplicate of bnothis(4).
bnothis(34)=net localgroup administrators
' Case variant of bnothis(7).
bnothis(35)=Asc
bnothis(36)=+dir+
bnothis(37)=drop table
bnothis(38)=exec master.dbo.sp_addextendedproc
bnothis(39)=master.dbo.sysobjects
bnothis(40)=master.dbo.xp_regwrite
bnothis(41)=master.dbo.sysdatabases
' Case variant of bnothis(11).
bnothis(42)=DECLARE
bnothis(43)=EXEC sp_oacreate
bnothis(44)=EXEC sp_oamethod
' Prefix entries: any xp_ / Sp_ substring is blocked, which already covers most of
' the specific xp_reg* / Sp_OA* entries below.
bnothis(45)=xp_
bnothis(46)=Sp_
bnothis(47)=%2B
bnothis(48)=%5c
' A bare @ blocks any query string containing an e-mail address or a T-SQL variable.
bnothis(49)=@
bnothis(50)=Sp_OAMethod
bnothis(51)=Sp_OASetProperty
bnothis(52)=Sp_OAStop
bnothis(53)=Xp_regaddmultistring
bnothis(54)=Xp_regdeletekey
bnothis(55)=Xp_regdeletevalue
bnothis(56)=Xp_regenumvalues
bnothis(57)=Xp_regread
bnothis(58)=Xp_regremovemultistring
bnothis(59)=Xp_regwrite
bnothis(60)=insert into
bnothis(61)=.txt
' Scan: berrc becomes True if any entry occurs in the query string or the rebuilt URL.
' The loop does not stop at the first hit, so every entry is always tested.
berrc=False
for biii= 0 to ubound(bnothis)
if instr(bqs,bnothis(biii))<>0 or instr(burl,bnothis(biii))<>0 Then
berrc=true
end if
next
if berrc Then
' ValidEntry is True only for a session not flagged before (Session(LogIn) unset);
' it gates the file write, not the block itself.
Dim ValidEntry
ValidEntry = True
If not IsEmpty(Session(LogIn)) Then ValidEntry = False
If ValidEntry Then
Const ForAppending = 8
Const Create = true
Dim FSO
DIM TS
DIM MyFileName
'Dim strLog
Dim strTime,strip,strwords,struser,strport
' Log path resolved relative to the site root - i.e. inside the web-served tree.
MyFileName = Server.MapPath(/visited_forum.txt)
' NOTE(review): the ProgID carries a _100502 suffix; presumably a host-specific
' renamed FileSystemObject - confirm it exists on the target server.
Set FSO = Server.CreateObject(Scripting.FileSystemObject_100502)
Set TS = FSO.OpenTextFile(MyFileName, ForAppending, Create)
' Client IP: REMOTE_ADDR first; the client-supplied X-Forwarded-For header is only
' used as a fallback when REMOTE_ADDR is empty.
strip=Request.ServerVariables (REMOTE_ADDR) &
if strip= then
strip=Request.ServerVariables(HTTP_X_FORWARDED_FOR) &
end if
strport=Request.ServerVariables(REMOTE_PORT)
strwords=request.servervariables(query_string)
strtime=now()
struser=request.servervariables(http_user_agent)
' Write current information to Log Text File.
' Attacker-controlled values (User-Agent, query string, URL) are written verbatim -
' no line-break or delimiter sanitisation, so a crafted request can forge log lines.
Ts.writeline 攻擊者詳細資料:
Ts.writeline 攻擊者IP地址:&strip
Ts.writeline 攻擊者端口:&strport
Ts.writeline 客戶端機器的相關環境:&struser
Ts.writeline 攻擊時間:&strtime
Ts.writeline 攻擊頁面:&burl
Ts.writeline 攻擊語句:&strwords
Ts.writeline ----------------------------------------
TS.Writeline
' Create a session varialbe to check next time for ValidEntry
Session(LogIn) = yes
' The text stream is released without an explicit TS.Close.
Set TS = Nothing
Set FSO = Nothing
End If
' Blocking response: the raw query string (bqs) and strip/strport are interpolated
' into a JavaScript string with no escaping. When this session was already flagged,
' strip and strport were never assigned above and the alert shows them empty.
Response.Write <Script Language=JavaScript>alert('系統提示↓/n/n請不要輸入非法字符[&bqs&]嘗試注入!/n/n您的IP[&strip&:&strport&]將被本站禁止!/n /n如有疑問請聯繫管理員QQ:xxxxxx');top.location.href='/forum/index.asp';</Script>
Response.end
end If
%>