<% SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") If Request.QueryString<>"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then Response.Write "SQL通用防注入系统" Response.end end if next Next End If If Request.Form<>"" Then For Each Sql_Post In Request.Form For SQL_Data=0 To Ubound(SQL_inj) if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then Response.Write "SQL通用防注入系统" Response.end end if next next end if %> <% 'ASP防注入代码 Dim flashack_Post,flashack_Get,flashack_In,flashack_Inf,flashack_Xh,flashack_db,flashack_dbstr flashack_In = "'※;※and※exec※insert※select※delete※update※count※*※%※chr※mid※master※truncate※char※declare" flashack_Inf = split(flashack_In,"※") If Request.Form<>"" Then For Each flashack_Post In Request.Form For flashack_Xh=0 To Ubound(flashack_Inf) If Instr(LCase(Request.Form(flashack_Post)),flashack_Inf(flashack_Xh))<>0 Then Response.Write "" Response.Write "非法操作!系统做了如下记录↓
" Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"
" Response.Write "操作时间:"&Now&"
" Response.Write "操作页面:"&Request.ServerVariables("URL")&"
" Response.Write "提交方式:POST
" Response.Write "提交参数:"&flashack_Post&"
" Response.Write "提交数据:"&Request.Form(flashack_Post) Response.End End If Next Next End If If Request.QueryString<>"" Then For Each flashack_Get In Request.QueryString For flashack_Xh=0 To Ubound(flashack_Inf) If Instr(LCase(Request.QueryString(flashack_Get)),flashack_Inf(flashack_Xh))<>0 Then Response.Write "" Response.Write "非法操作!flashack已经给你做了如下记录↓
" Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"
" Response.Write "操作时间:"&Now&"
" Response.Write "操作页面:"&Request.ServerVariables("URL")&"
" Response.Write "提交方式:GET
" Response.Write "提交参数:"&flashack_Get&"
" Response.Write "提交数据:"&Request.QueryString(flashack_Get) Response.End End If Next Next End If %> <% dim sql_injdata,SQL_inj,SQL_Get,SQL_Data,Sql_Post SQL_injdata = "'|and|exec|insert|select|delete|update|count|chr|master|truncate|char|declare" SQL_inj = split(SQL_Injdata,"|") If Request.QueryString<>"" Then For Each SQL_Get In Request.QueryString For SQL_Data=0 To Ubound(SQL_inj) if instr(LCase(Request.QueryString(SQL_Get)),Sql_Inj(Sql_DATA))>0 Then Response.Write "" Response.end end if next Next End If If Request.Form<>"" Then For Each Sql_Post In Request.Form For SQL_Data=0 To Ubound(SQL_inj) if instr(LCase(Request.Form(Sql_Post)),Sql_Inj(Sql_DATA))>0 Then Response.Write "" Response.end end if next next end if %> 深圳留学,深圳国际教育,英迪尔教育,国际教育权威站点 bulova mens watch

 

Copyright 2009 inteedu.org All Rights Reserved 英迪尔 深圳国际教育、深圳留学版权所有.