aspでクッキー注入を防ぐ方法


'                  ASP    ,          
' :

Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa,num
On Error Resume Next
num = 100 '  
Fy_In = "'|exec|insert|select|delete|update|del|chr|truncate|char|declare|--|script|*|char|set|(|)|and|mid"
Fy_Inf = split(Fy_In,"|")
'1--------POST ------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)

'
if len(Request.Form(Fy_Post)) > num then

end if

If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
call aaa()
End If
Next
Next
End If

'2--------GET -------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)

'
if len(Request.QueryString(Fy_Get)) > num then

end if

If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
call aaa()
End If
Next
Next
End If

'3--------cookies -------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)

'
if len(Request.Cookies(Fy_cook)) > num then

end if

If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
call aaa()
End If

Next
Next
End If



Sub aaa()
response.write "alert(' !');history.back();"
Response.end
end Sub
%>

http://bbs.sql8.net/showtopic-522.aspx