ASPはクロスステーションスクリプトとSQL注入コードを防止する

2614 ワード

      ：
1.         _safe.asp，           。
"" then call stophacker(request.querystring,"'|\b(alert|confirm|prompt)\b|]*?>|^\+/v(8|9)|\bonmouse(over|move)=\b|\b(and|or)\b.+?(>|"" then call test(Request.ServerVariables("HTTP_REFERER"),"'|\b(and|or)\b.+?(>|"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>||
  IP: "&ip&"
    : " & now() & "
    ："&Request.ServerVariables("URL")&"
    : "&Request.ServerVariables("Request_Method")&"
    : "&l_get&"
    : "&l_get2)
    Response.Write("
           ,    !

")
    Response.end
   end if
   set regex = nothing
end function 


function stophacker(values,re)
 dim l_get, l_get2,n_get,regex,IP
 for each n_get in values
  for each l_get in values
   l_get2 = values(l_get)
   set regex = new regexp
   regex.ignorecase = true
   regex.global = true
   regex.pattern = re
   if regex.test(l_get2) then
      IP=Request.ServerVariables("HTTP_X_FORWARDED_FOR")
      If IP = "" Then 
         IP=Request.ServerVariables("REMOTE_ADDR")
      end if
      'slog("

  IP: "&ip&"
    : " & now() & "
    ："&Request.ServerVariables("URL")&"
    : "&Request.ServerVariables("Request_Method")&"
    : "&l_get&"
    : "&l_get2)
    Response.Write("
           ,    !

")
    Response.end
   end if
   set regex = nothing
  next
 next
end function 

sub slog(logs)
        dim toppath,fs,Ts
        toppath = Server.Mappath("/index.asp")
        Set fs = CreateObject("scripting.filesystemobject")
        If Not Fs.FILEEXISTS(toppath) Then 
           Set Ts = fs.createtextfile(toppath, True)
           Ts.close
        end if
        Set Ts= Fs.OpenTextFile(toppath,8)
        Ts.writeline (logs)
        Ts.Close
        Set Ts=nothing
        Set fs=nothing
end sub
%>
2.             

          、  。
       ，            ，        conn.asp ！
        ，      ！

Entity Framework 6でデータベース操作のログ記録機能を追加

SpringBoot+Mybatis+Redis+RabbitMQ秒殺システムに基づく