ASPはクロスステーションスクリプトとSQL注入コードを防止する
2614 ワード
:
1. _safe.asp, 。
"" then call stophacker(request.querystring,"'|\b(alert|confirm|prompt)\b|]*?>|^\+/v(8|9)|\bonmouse(over|move)=\b|\b(and|or)\b.+?(>|"" then call test(Request.ServerVariables("HTTP_REFERER"),"'|\b(and|or)\b.+?(>|"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>||
IP: "&ip&"
: " & now() & "
:"&Request.ServerVariables("URL")&"
: "&Request.ServerVariables("Request_Method")&"
: "&l_get&"
: "&l_get2)
Response.Write("
, !
")
Response.end
end if
set regex = nothing
end function
function stophacker(values,re)
dim l_get, l_get2,n_get,regex,IP
for each n_get in values
for each l_get in values
l_get2 = values(l_get)
set regex = new regexp
regex.ignorecase = true
regex.global = true
regex.pattern = re
if regex.test(l_get2) then
IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If IP = "" Then
IP=Request.ServerVariables("REMOTE_ADDR")
end if
'slog("
IP: "&ip&"
: " & now() & "
:"&Request.ServerVariables("URL")&"
: "&Request.ServerVariables("Request_Method")&"
: "&l_get&"
: "&l_get2)
Response.Write("
, !
")
Response.end
end if
set regex = nothing
next
next
end function
sub slog(logs)
dim toppath,fs,Ts
toppath = Server.Mappath("/index.asp")
Set fs = CreateObject("scripting.filesystemobject")
If Not Fs.FILEEXISTS(toppath) Then
Set Ts = fs.createtextfile(toppath, True)
Ts.close
end if
Set Ts= Fs.OpenTextFile(toppath,8)
Ts.writeline (logs)
Ts.Close
Set Ts=nothing
Set fs=nothing
end sub
%>
2.
、 。
, , conn.asp !
, !