The code is as follows:
<%
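'-------- Definition section ------------------
' XH_Post / XH_Get : name of the form field / query-string key being checked
' XH_Xh            : index into the blacklist array
' XH_In / XH_Inf   : blacklist as one string / as an array of tokens
' XH_db, XH_dbstr  : declared here but not used in the code shown
Dim XH_Post, XH_Get, XH_In, XH_Inf, XH_Xh, XH_db, XH_dbstr
' Substrings to reject, separated by "|".
' The spaces that had crept in around the separators and inside the "%20"
' tokens are removed so that each token is exactly the text to look for and
' the list agrees with the Split separator below.
' NOTE(review): "xp_mongoshell" is kept as printed; it is probably a garbling of
' the SQL Server procedure name xp_cmdshell - confirm against the original list.
' NOTE(review): the Request collections return URL-decoded values, so the
' "%20" tokens only match input that still contains a literal "%20".
' A substring blacklist both over-blocks (e.g. "and" inside "sandwich") and can
' be bypassed; treat it as a secondary check and use parameterized queries for
' the database access itself.
XH_In = "'|;|and|exec|insert|select|delete%20from|update|count|*|%|chr|mid|master|truncate|char|declare|drop%20table|from|net%20user|xp_mongoshell|/add|net%20localgroup%20administrators|Asc|char"
'----------------------------------
%>
<%
' One array element per blacklist token.
XH_Inf = Split(XH_In, "|")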
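'-------- POST part ------------------
' Stop the request if any posted field contains one of the blacklist tokens
' held in XH_Inf.
' Fixes relative to the listing as printed:
'   * the InStr call was missing a closing parenthesis;
'   * the "<br>" suffixes were missing the "&" concatenation operator;
'   * the comparison is now case-insensitive on both sides (vbTextCompare), so
'     mixed-case tokens such as "Asc" can match at all;
'   * request-derived values are HTML-encoded before being written back, so the
'     rejection page cannot itself be used to reflect markup to the browser.
If Request.Form <> "" Then
    For Each XH_Post In Request.Form
        For XH_Xh = 0 To UBound(XH_Inf)
            If InStr(1, Request.Form(XH_Post), XH_Inf(XH_Xh), vbTextCompare) <> 0 Then
                Response.Write "<Script Language = JavaScript> alert ('Please do not include invalid characters in the parameter to try to inject! '); </Script>"
                ' The message speaks of "records", but this block only echoes
                ' the details into the response; nothing is written to a log here.
                Response.Write "illegal operation! The system makes the following records: <br>"
                Response.Write "Operation IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                Response.Write "operation time:" & Now & "<br>"
                Response.Write "Operation page:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                Response.Write "submission method: POST <br>"
                ' Field name and field value both come from the client.
                Response.Write "Submit parameters:" & Server.HTMLEncode(XH_Post) & "<br>"
                Response.Write "submit data:" & Server.HTMLEncode(Request.Form(XH_Post))
                ' Abort page processing so the rest of the page never runs.
                Response.End
            End If
        Next
    Next
End If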
'----------------------------------
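'-------- GET part -------------------
' Stop the request if any query-string value contains one of the blacklist
' tokens held in XH_Inf.
' Fixes relative to the listing as printed:
'   * the empty-string literal in the outer test had lost a quote;
'   * the InStr call was missing a closing parenthesis;
'   * the "<br>" suffixes were missing the "&" concatenation operator;
'   * the comparison is now case-insensitive on both sides (vbTextCompare), so
'     mixed-case tokens such as "Asc" can match at all;
'   * request-derived values are HTML-encoded before being written back, so the
'     rejection page cannot itself be used to reflect markup to the browser.
If Request.QueryString <> "" Then
    For Each XH_Get In Request.QueryString
        For XH_Xh = 0 To UBound(XH_Inf)
            If InStr(1, Request.QueryString(XH_Get), XH_Inf(XH_Xh), vbTextCompare) <> 0 Then
                Response.Write "<Script Language = JavaScript> alert ('Please do not include invalid characters in the parameter to try to inject! '); </Script>"
                ' The message speaks of "records", but this block only echoes
                ' the details into the response; nothing is written to a log here.
                Response.Write "illegal operation! The system makes the following records: <br>"
                Response.Write "Operation IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                Response.Write "operation time:" & Now & "<br>"
                Response.Write "Operation page:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                Response.Write "submission method: GET <br>"
                ' Key and value both come from the client-supplied URL.
                Response.Write "Submit parameters:" & Server.HTMLEncode(XH_Get) & "<br>"
                Response.Write "submit data:" & Server.HTMLEncode(Request.QueryString(XH_Get))
                ' Abort page processing so the rest of the page never runs.
                Response.End
            End If
        Next
    Next
End If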
'----------------------------------
%>