ASPはクロスステーションスクリプトとSQL注入コードを防止する

2614 ワード

      :
1.         _safe.asp,           。
"" then call stophacker(request.querystring,"'|\b(alert|confirm|prompt)\b|]*?>|^\+/v(8|9)|\bonmouse(over|move)=\b|\b(and|or)\b.+?(>|"" then call test(Request.ServerVariables("HTTP_REFERER"),"'|\b(and|or)\b.+?(>|"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>||
IP: "&ip&"
: " & now() & "
:"&Request.ServerVariables("URL")&"
: "&Request.ServerVariables("Request_Method")&"
: "&l_get&"
: "&l_get2) Response.Write("

, !

") Response.end end if set regex = nothing end function function stophacker(values,re) dim l_get, l_get2,n_get,regex,IP for each n_get in values for each l_get in values l_get2 = values(l_get) set regex = new regexp regex.ignorecase = true regex.global = true regex.pattern = re if regex.test(l_get2) then IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR") If IP = "" Then IP=Request.ServerVariables("REMOTE_ADDR") end if 'slog("

IP: "&ip&"
: " & now() & "
:"&Request.ServerVariables("URL")&"
: "&Request.ServerVariables("Request_Method")&"
: "&l_get&"
: "&l_get2) Response.Write("

, !

") Response.end end if set regex = nothing next next end function sub slog(logs) dim toppath,fs,Ts toppath = Server.Mappath("/index.asp") Set fs = CreateObject("scripting.filesystemobject") If Not Fs.FILEEXISTS(toppath) Then Set Ts = fs.createtextfile(toppath, True) Ts.close end if Set Ts= Fs.OpenTextFile(toppath,8) Ts.writeline (logs) Ts.Close Set Ts=nothing Set fs=nothing end sub %> 2. 、 。 , , conn.asp ! , !