两个防SQL注入过滤代码 (Two anti-SQL-injection filter snippets for classic ASP)
2010-07-01 22:45:21
<%
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'ASP通用防注入代码 (general-purpose ASP anti-injection filter)
'您可以把该代码COPY到头文件中,也可以单独作
'为一个文件存在,每次调用使用
'(copy it into a common header include, or keep it as its own file and include it on every request)
'作者:y3gu - 2005-7-29
'http://www.dosu.cn
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
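' ---------------------------------------------------------------------------
' Generic request filter: abort any request whose query string, form body or
' cookies contain one of the blacklisted SQL fragments in ErrorSql.
'
' SECURITY NOTE(review): a keyword blacklist is not a fix for SQL injection;
' it is bypassable and it also rejects harmless input. The list below lacks
' select/union/insert/delete/drop and the comment tokens "--" and "/*", while
' substring matching on "and", "count", "mid", "%" and "*" blocks ordinary
' values such as "Sandra", "discount" or "50% off". Build SQL with
' ADODB.Command parameters and keep this only as defence in depth.
'
' Change vs. the page listing: the original scanned Request.QueryString only
' for GET and Request.Form only for every other method, so a POST could carry
' its payload in the query string unchecked, and Request.Cookies was never
' scanned. All three collections are now checked on every request.
' Request.ServerVariables (Referer, User-Agent, ...) is still not scanned;
' any page that puts those into SQL must parameterise them.
' ---------------------------------------------------------------------------
Dim GetFlag       ' True for GET requests (kept for pages that read it)
Dim ErrorSql      ' blacklist: array of forbidden characters / words
Dim RequestKey    ' name of the field currently being inspected
Dim ForI          ' index into ErrorSql

GetFlag = (Request.ServerVariables("REQUEST_METHOD") = "GET")

' Separate every sensitive character or word with a half-width "~".
' Entries are lower-case because the inspected value is lower-cased below.
ErrorSql = "'~;~and~(~)~exec~update~count~*~%~chr~mid~master~truncate~char~declare"
ErrorSql = Split(ErrorSql, "~")

' Abort with the original alert ("warning: do not use sensitive characters")
' and a redirect to Sql.asp when Value contains a blacklisted token.
' Value & "" folds Null/Empty into "" so LCase never fails.
Sub RejectIfBlacklisted(Value)
    Dim Lowered
    Lowered = LCase(Value & "")
    For ForI = 0 To UBound(ErrorSql)
        ' Len guard: InStr(x, "") returns 1, so an empty entry (e.g. a stray
        ' trailing "~" in the list) would otherwise reject every request.
        If Len(ErrorSql(ForI)) > 0 Then
            If InStr(Lowered, ErrorSql(ForI)) <> 0 Then
                Response.Write "<script>alert(""¾¯¸æ:\nÇ벻ҪʹÓÃÃô¸Ð×Ö·û"");location.href=""Sql.asp"";</script>"
                Response.End
            End If
        End If
    Next
End Sub

For Each RequestKey In Request.QueryString
    RejectIfBlacklisted Request.QueryString(RequestKey)
Next
For Each RequestKey In Request.Form
    RejectIfBlacklisted Request.Form(RequestKey)
Next
For Each RequestKey In Request.Cookies
    RejectIfBlacklisted Request.Cookies(RequestKey)
Next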
%>
第二个 (the second snippet)
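' Checkstr: neutralise one request value before it is concatenated into a
' SQL string or echoed into HTML.
'
' Parameter:
'   Str - the raw value. Null yields "". Taken ByVal so the caller's variable
'         is no longer rewritten as a side effect (the page's version took it
'         ByRef and left a half-processed value behind in the caller).
' Returns:
'   the value with NUL bytes and double quotes removed, script/object/applet
'   re-cased, CR replaced by the page's line-break marker, and every single
'   quote doubled once so it survives inside a quoted SQL literal.
'
' SECURITY NOTE(review): an escape/blacklist filter is not a fix for SQL
' injection. Doubling quotes helps only for values placed inside a quoted
' literal; numeric contexts (WHERE id=1 OR 1=1) are untouched, and the
' keyword pass below changes letter case at most. Use ADODB.Command with
' Parameters and treat this function as defence in depth.
'
' Changes vs. the page listing:
'  - the page doubled the single quote twice (mid-function and again in the
'    final assignment), so O'Brien became O''''Brien in the database; the
'    quote is now doubled exactly once, as the last step.
'  - mis-encoded tokens are repaired: the full-width "-1" count argument is
'    written as -1, and the curly quote the page doubled is written as the
'    ASCII "'" that SQL actually delimits strings with.
'  - the binary-compare Replace calls for script/SCRIPT/Script (and the
'    object/applet equivalents) mapped each spelling to itself; the single
'    vbTextCompare call after them already covers every case, so only that
'    one is kept. Likewise "[", "]", "=" and the "<"/">" lines replaced a
'    string with itself and are dropped.
'  - the page's Replace(Str, """", """, 1, -1, 1) is an unterminated string
'    literal and cannot run; the later Replace(Str, """", "", 1, -1, 1) that
'    strips double quotes is what the page executes and is kept.
' NOTE(review): on the page every SQL keyword maps to itself and
' script/object/applet map to a capitalised copy; the original presumably
' substituted look-alike characters that were lost in transcription -- confirm
' against the source. SqlKeywords keeps that list in one place so a real
' substitution can be restored by editing the loop below.
' NOTE(review): the CR replacement text is reproduced byte-for-byte from the
' page; it looks like a mangled "<br>" -- confirm against the source.
Function Checkstr(ByVal Str)
    Dim SqlKeywords, I

    If IsNull(Str) Then
        Checkstr = ""
        Exit Function
    End If

    ' Strip embedded NUL bytes.
    Str = Replace(Str, Chr(0), "", 1, -1, vbTextCompare)

    ' Re-case the three HTML/script tags the page rewrites (any letter case).
    Str = Replace(Str, "script", "Script", 1, -1, vbTextCompare)
    Str = Replace(Str, "object", "Object", 1, -1, vbTextCompare)
    Str = Replace(Str, "applet", "Applet", 1, -1, vbTextCompare)

    ' Remove double quotes (same position in the sequence as on the page, so
    ' a quote splitting a keyword is handled the same way).
    Str = Replace(Str, """", "", 1, -1, vbTextCompare)

    ' Keyword pass, case-insensitive, in the page's order (execute before
    ' exec, nchar before char). On this page each keyword maps to itself.
    SqlKeywords = Array( _
        "select", "execute", "exec", "join", "union", "where", "insert", _
        "delete", "update", "like", "drop", "create", "rename", "count", _
        "chr", "mid", "truncate", "nchar", "char", "alter", "cast", "exists")
    For I = 0 To UBound(SqlKeywords)
        Str = Replace(Str, SqlKeywords(I), SqlKeywords(I), 1, -1, vbTextCompare)
    Next

    ' Carriage return -> the page's line-break marker.
    Str = Replace(Str, Chr(13), "<£»br>£»", 1, -1, vbTextCompare)

    ' Double the SQL string delimiter exactly once, last, so nothing above
    ' can re-introduce or re-double it.
    Checkstr = Replace(Str, "'", "''", 1, -1, vbTextCompare)
End Function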