ASP防注入代码,ASP过滤,ASP程式员必看
前些时候一台服务器被注入,所有内容里都被插入了<script src=http://.../c....js></script>这样的代码.
现在终于完全解决了,以下ASP代码从三个方面防注入,一个是GET数据,一个是POST数据,另一个是COOKIE数据,而且还能看到注入者的IP记录,注入页记录,注入关键字记录,以下是原代码:
代码如下
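<%
' Request keyword filter. Scans POST fields, query-string parameters and cookies
' for the substrings listed in Fy_In. On the first match it appends one record
' to the log file named by aa, prints a notice through aaa() and ends the
' response.
'
' NOTE(review): substring blacklisting is a detection/logging layer, not a fix
' for SQL injection. Ordinary input that merely contains "set" or "count"
' ("reset", "account") is rejected too, and the list cannot enumerate every
' dangerous input. The pages that build SQL from request data should use
' parameterized ADODB.Command queries, and stored content should be written
' to pages through Server.HTMLEncode.
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa,bb

' NOTE(review): at script level this stays in effect for the code that follows,
' so if this file is #included ahead of other pages their runtime errors are
' suppressed as well - confirm that is intended.
On Error Resume Next

' Lower-case keywords, "|"-separated. The duplicated "char" entry was dropped;
' the set of matched substrings is unchanged.
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|script|iframe|set|(*)"

' Log file name. Server.MapPath resolves it inside the site's directory tree,
' so the file (client IPs plus submitted payloads) can be fetched over HTTP
' unless the server denies access to it.
' NOTE(review): block HTTP access to this file or point aa at a location
' outside the web root.
aa="heike.txt"
Fy_Inf = split(Fy_In,"|")

'1--------POST------------------
If Request.Form<>"" Then
    Fy_Scan Request.Form, "post"
End If
'2--------GET-------------------
If Request.QueryString<>"" Then
    Fy_Scan Request.QueryString, "get"
End If
'3--------cookies-------------------
If Request.Cookies<>"" Then
    Fy_Scan Request.Cookies, "cookies"
End If

' Checks every value of one request collection against every keyword.
'   Fy_Coll - Request.Form, Request.QueryString or Request.Cookies
'   Fy_Kind - label written to the log record ("post", "get", "cookies")
' On a match the keyword is stored in bb, the hit is logged and aaa() ends the
' response, so nothing after the first match is examined.
Sub Fy_Scan(Fy_Coll, Fy_Kind)
    Dim Fy_Key, Fy_I
    ' Kept so that error handling inside the loop matches the original inline loops.
    On Error Resume Next
    For Each Fy_Key In Fy_Coll
        For Fy_I = 0 To UBound(Fy_Inf)
            ' Values are lower-cased before comparison; the keywords are already lower-case.
            If InStr(LCase(Fy_Coll(Fy_Key)), Fy_Inf(Fy_I)) <> 0 Then
                bb = Fy_Inf(Fy_I)
                Fy_Log Fy_Kind, Fy_Inf(Fy_I), Fy_Key, Fy_Coll(Fy_Key)
                Call aaa()
            End If
        Next
    Next
End Sub

' Appends one record to the log file:
'   <time> <client address>,<script URL>+'<kind>'+'<keyword>'+<field name>+<value>
' Field name and value come from the client, so CR/LF are flattened first;
' otherwise a single request could write extra, forged records into the log.
' Single quotes in the value are stored as "(*)", as before.
' A failed write is ignored so that the request is still rejected by the caller.
' NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse
' proxy it is presumably the proxy's address - verify for the deployment.
Sub Fy_Log(Fy_Kind, Fy_Word, Fy_Name, Fy_Value)
    Dim Fy_Line, Fy_Fs, Fy_File
    On Error Resume Next
    Fy_Line = Now() & " " & Request.ServerVariables("REMOTE_ADDR") & "," & _
              Request.ServerVariables("URL") & "+'" & Fy_Kind & "'+'" & Fy_Word & "'+" & _
              Fy_OneLine(Fy_Name) & "+" & Replace(Fy_OneLine(Fy_Value), "'", "(*)")
    Set Fy_Fs = Server.CreateObject("Scripting.FileSystemObject")
    ' 8 = open for appending, True = create the file when it does not exist.
    Set Fy_File = Fy_Fs.OpenTextFile(Server.MapPath(aa), 8, True)
    Fy_File.WriteLine Fy_Line
    Fy_File.Close
    Set Fy_File = Nothing
    Set Fy_Fs = Nothing
End Sub

' Returns Fy_Text with carriage returns and line feeds replaced by spaces.
Function Fy_OneLine(Fy_Text)
    Fy_OneLine = Replace(Replace(Fy_Text, vbCr, " "), vbLf, " ")
End Function

' Prints the rejection notice and ends the response.
' bb holds the matched keyword; it comes from Fy_In, not from the request, so
' no client-supplied text is echoed into the page here.
Sub aaa()
    Response.Write "Noel提示--"+replace(bb,"(*)","'")+"你的攻击被记录,并提交到110网警处了"
    Response.Write "<br><hr>"
    Response.End
end Sub
%>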
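这样之后,你就可以在自己网站相应的目录下查看heike.txt文件,里面有攻击者的相关信息了.需要注意:heike.txt位于网站目录内,如果服务器没有禁止访问,任何人都可以通过URL直接下载它,应当禁止对该文件的HTTP访问或把它放到网站目录之外.另外,关键字过滤只能起到拦截和记录的作用,根本的修复是把拼接SQL的查询改成参数化查询.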
前些时候一台服务器被注入,所有内容里都被插入了<script src=http://.../c....js></script>这样的代码.
现在终于完全解决了,以下ASP代码从三个方面防注入,一个是GET数据,一个是POST数据,另一个是COOKIE数据,而且还能看到注入者的IP记录,注入页记录,注入关键字记录,以下是原代码:
代码如下
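<%
' Request keyword filter. Scans POST fields, query-string parameters and cookies
' for the substrings listed in Fy_In. On the first match it appends one record
' to the log file named by aa, prints a notice through aaa() and ends the
' response.
'
' NOTE(review): substring blacklisting is a detection/logging layer, not a fix
' for SQL injection. Ordinary input that merely contains "set" or "count"
' ("reset", "account") is rejected too, and the list cannot enumerate every
' dangerous input. The pages that build SQL from request data should use
' parameterized ADODB.Command queries, and stored content should be written
' to pages through Server.HTMLEncode.
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa,bb

' NOTE(review): at script level this stays in effect for the code that follows,
' so if this file is #included ahead of other pages their runtime errors are
' suppressed as well - confirm that is intended.
On Error Resume Next

' Lower-case keywords, "|"-separated. The duplicated "char" entry was dropped;
' the set of matched substrings is unchanged.
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|script|iframe|set|(*)"

' Log file name. Server.MapPath resolves it inside the site's directory tree,
' so the file (client IPs plus submitted payloads) can be fetched over HTTP
' unless the server denies access to it.
' NOTE(review): block HTTP access to this file or point aa at a location
' outside the web root.
aa="heike.txt"
Fy_Inf = split(Fy_In,"|")

'1--------POST------------------
If Request.Form<>"" Then
    Fy_Scan Request.Form, "post"
End If
'2--------GET-------------------
If Request.QueryString<>"" Then
    Fy_Scan Request.QueryString, "get"
End If
'3--------cookies-------------------
If Request.Cookies<>"" Then
    Fy_Scan Request.Cookies, "cookies"
End If

' Checks every value of one request collection against every keyword.
'   Fy_Coll - Request.Form, Request.QueryString or Request.Cookies
'   Fy_Kind - label written to the log record ("post", "get", "cookies")
' On a match the keyword is stored in bb, the hit is logged and aaa() ends the
' response, so nothing after the first match is examined.
Sub Fy_Scan(Fy_Coll, Fy_Kind)
    Dim Fy_Key, Fy_I
    ' Kept so that error handling inside the loop matches the original inline loops.
    On Error Resume Next
    For Each Fy_Key In Fy_Coll
        For Fy_I = 0 To UBound(Fy_Inf)
            ' Values are lower-cased before comparison; the keywords are already lower-case.
            If InStr(LCase(Fy_Coll(Fy_Key)), Fy_Inf(Fy_I)) <> 0 Then
                bb = Fy_Inf(Fy_I)
                Fy_Log Fy_Kind, Fy_Inf(Fy_I), Fy_Key, Fy_Coll(Fy_Key)
                Call aaa()
            End If
        Next
    Next
End Sub

' Appends one record to the log file:
'   <time> <client address>,<script URL>+'<kind>'+'<keyword>'+<field name>+<value>
' Field name and value come from the client, so CR/LF are flattened first;
' otherwise a single request could write extra, forged records into the log.
' Single quotes in the value are stored as "(*)", as before.
' A failed write is ignored so that the request is still rejected by the caller.
' NOTE(review): REMOTE_ADDR is the directly connected peer; behind a reverse
' proxy it is presumably the proxy's address - verify for the deployment.
Sub Fy_Log(Fy_Kind, Fy_Word, Fy_Name, Fy_Value)
    Dim Fy_Line, Fy_Fs, Fy_File
    On Error Resume Next
    Fy_Line = Now() & " " & Request.ServerVariables("REMOTE_ADDR") & "," & _
              Request.ServerVariables("URL") & "+'" & Fy_Kind & "'+'" & Fy_Word & "'+" & _
              Fy_OneLine(Fy_Name) & "+" & Replace(Fy_OneLine(Fy_Value), "'", "(*)")
    Set Fy_Fs = Server.CreateObject("Scripting.FileSystemObject")
    ' 8 = open for appending, True = create the file when it does not exist.
    Set Fy_File = Fy_Fs.OpenTextFile(Server.MapPath(aa), 8, True)
    Fy_File.WriteLine Fy_Line
    Fy_File.Close
    Set Fy_File = Nothing
    Set Fy_Fs = Nothing
End Sub

' Returns Fy_Text with carriage returns and line feeds replaced by spaces.
Function Fy_OneLine(Fy_Text)
    Fy_OneLine = Replace(Replace(Fy_Text, vbCr, " "), vbLf, " ")
End Function

' Prints the rejection notice and ends the response.
' bb holds the matched keyword; it comes from Fy_In, not from the request, so
' no client-supplied text is echoed into the page here.
Sub aaa()
    Response.Write "Noel提示--"+replace(bb,"(*)","'")+"你的攻击被记录,并提交到110网警处了"
    Response.Write "<br><hr>"
    Response.End
end Sub
%>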
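这样之后,你就可以在自己网站相应的目录下查看heike.txt文件,里面有攻击者的相关信息了.需要注意:heike.txt位于网站目录内,如果服务器没有禁止访问,任何人都可以通过URL直接下载它,应当禁止对该文件的HTTP访问或把它放到网站目录之外.另外,关键字过滤只能起到拦截和记录的作用,根本的修复是把拼接SQL的查询改成参数化查询.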
作者:noel@淘宝网女装新款秋装连衣裙裤子外套上衣_2012时尚女装新款 Ecmall二次开发-PHP技术
地址:http://www.laohucheng.com/post/262/
版权所有©转载时必须以链接形式注明作者和原始出处及本声明!


