Á½¸ö·ÀSQL×¢Èë¹ýÂË´úÂë

ÉÏһƪ / ÏÂһƪ  2010-07-01 22:45:21

²é¿´( 124 ) / ÆÀÂÛ( 0 ) / ÆÀ·Ö( 0 / 0 )

<%
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'ASPͨÓ÷À×¢Èë´úÂë
'Äú¿ÉÒ԰ѸôúÂëCOPYµ½Í·ÎļþÖÐ.Ò²¿ÉÒÔµ¥¶À×÷
'Ϊһ¸öÎļþ´æÔÚ,ÿ´Îµ÷ÓÃʹÓÃ
'×÷Õß:y3gu - 2005-7-29
'http://www.dosu.cn
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Dim GetFlag Rem(Ìá½»·½Ê½)
Dim ErrorSql Rem(·Ç·¨×Ö·û)
Dim RequestKey Rem(Ìá½»Êý¾Ý)
Dim ForI Rem(Ñ­»·±ê¼Ç)
ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid
~master~truncate~char~declare" Rem(ÿ¸öÃô¸Ð×Ö·û»òÕß´ÊÓïÇëʹÓðë½Ç "~" ¸ñ¿ª)
ErrorSql = split(ErrorSql,"~")
If Request.ServerVariables("REQUEST_METHOD")="GET" Then
GetFlag=True
Else
GetFlag=False
End If
If GetFlag Then
For Each RequestKey In Request.QueryString
For ForI=0 To Ubound(ErrorSql)
If Instr(LCase(Request.QueryString(RequestKey)),
ErrorSql(ForI))<>0 Then
response.write "<script>alert(""¾¯¸æ:\nÇ벻ҪʹÓÃÃô¸Ð×Ö·û"");location.href=""Sql.asp"";< /script>"
Response.End
End If
Next
Next
Else
For Each RequestKey In Request.Form
For ForI=0 To Ubound(ErrorSql)
If Instr(LCase(Request.Form(RequestKey)),
ErrorSql(ForI))<>0 Then
response.write "<script>alert(""¾¯¸æ:\nÇ벻ҪʹÓÃÃô¸Ð×Ö·û"");location.href=""Sql.asp"";< /script>"
Response.End
End If
Next
Next
End If
%>

µÚ¶þ¸ö

Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, £­1, 1)
Str = Replace(Str, """", """, 1, £­1, 1)
Str = Replace(Str,"<£»","<£»", 1, £­1, 1)
Str = Replace(Str,">£»",">£»", 1, £­1, 1)
Str = Replace(Str, "script", "script", 1, £­1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, £­1, 0)
Str = Replace(Str, "Script", "Script", 1, £­1, 0)
Str = Replace(Str, "script", "Script", 1, £­1, 1)
Str = Replace(Str, "object", "object", 1, £­1, 0)
Str = Replace(Str, "OBJECT", "OBJECT", 1, £­1, 0)
Str = Replace(Str, "Object", "Object", 1, £­1, 0)
Str = Replace(Str, "object", "Object", 1, £­1, 1)
Str = Replace(Str, "applet", "applet", 1, £­1, 0)
Str = Replace(Str, "APPLET", "APPLET", 1, £­1, 0)
Str = Replace(Str, "Applet", "Applet", 1, £­1, 0)
Str = Replace(Str, "applet", "Applet", 1, £­1, 1)
Str = Replace(Str, "[", "[")
Str = Replace(Str, "]", "]")
Str = Replace(Str, """", "", 1, £­1, 1)
Str = Replace(Str, "=", "=", 1, £­1, 1)
Str = Replace(Str, "¡¯", "¡¯¡¯", 1, £­1, 1)
Str = Replace(Str, "select", "select", 1, £­1, 1)
Str = Replace(Str, "execute", "execute", 1, £­1, 1)
Str = Replace(Str, "exec", "exec", 1, £­1, 1)
Str = Replace(Str, "join", "join", 1, £­1, 1)
Str = Replace(Str, "union", "union", 1, £­1, 1)
Str = Replace(Str, "where", "where", 1, £­1, 1)
Str = Replace(Str, "insert", "insert", 1, £­1, 1)
Str = Replace(Str, "delete", "delete", 1, £­1, 1)
Str = Replace(Str, "update", "update", 1, £­1, 1)
Str = Replace(Str, "like", "like", 1, £­1, 1)
Str = Replace(Str, "drop", "drop", 1, £­1, 1)
Str = Replace(Str, "create", "create", 1, £­1, 1)
Str = Replace(Str, "rename", "rename", 1, £­1, 1)
Str = Replace(Str, "count", "count", 1, £­1, 1)
Str = Replace(Str, "chr", "chr", 1, £­1, 1)
Str = Replace(Str, "mid", "mid", 1, £­1, 1)
Str = Replace(Str, "truncate", "truncate", 1, £­1, 1)
Str = Replace(Str, "nchar", "nchar", 1, £­1, 1)
Str = Replace(Str, "char", "char", 1, £­1, 1)
Str = Replace(Str, "alter", "alter", 1, £­1, 1)
Str = Replace(Str, "cast", "cast", 1, £­1, 1)
Str = Replace(Str, "exists", "exists", 1, £­1, 1)
Str = Replace(Str,Chr(13),"<£»br>£»", 1, £­1, 1)
CheckStr = Replace(Str,"¡¯","¡¯¡¯", 1, £­1, 1)
End Function

 


ÊÕ²Ø ¾Ù±¨

TAG:

 

ÆÀ·Ö£º0

ÎÒÀ´ËµÁ½¾ä

ÈÕÀú

« 2024-04-26  
ÈÕ Ò» ¶þ Èý ËÄ Îå Áù
 123456
78910111213
14151617181920
21222324252627
282930    

Êý¾Ýͳ¼Æ

  • ·ÃÎÊÁ¿: 19176
  • ÈÕÖ¾Êý: 51
  • ½¨Á¢Ê±¼ä: 2009-04-22
  • ¸üÐÂʱ¼ä: 2010-12-09

RSS¶©ÔÄ

Open Toolbar