ASP Script Injection prevention
Last Update:2018-12-07
Source: Internet
Author: User
< %
Dim SQL _leaching, SQL _leach_0, SQL _data, IP, brown
' Add the special characters ---------------------------------------------------------------
SQL _leaching = " ',;, And, exec, insert, select, delete, update, Count, *, %, CHR, mid, Master, truncate, Char, declare, % 20, % 70, % 5c "
' Use the split function to split special strings --------------------------------------------------------
SQL _leach_0 = Split (SQL _leaching, " , " )
IP = Request. servervariables ( " Remote_addr " ) ' Extract peer IP Address
Brown = Request. servervariables ( " Request_method " ) ' Extract peer submission method
Thispage = Request. servervariables ( " URL " )
' Check request. querystring --------------------------------------------------------------
If Request. querystring <> "" Then
' Start the loop and find the special characters set by the URL ----------------------------------------------------
For Each SQL _get in request. querystring
For SQL _data = 0 To Ubound (SQL _leach_0)
If Instr (Request. querystring (SQL _get), SQL _leach_0 (SQL _data )) > 0 Then
Set CMD = Server. Createobject ( " ADODB. Command " )
Cmd. activeconnection = " Provider = Microsoft. Jet. oledb.4.0; Data Source = " & Server. mappath ( " /Database/SQL. MDB " )
IP = Request. servervariables ( " Remote_addr " ) ' Extract peer IP Address
Brown = Request. servervariables ( " Request_method " ) ' Extract peer submission method
Thispage = Request. servervariables ( " URL " )
Cmd. commandtext = " Insert into SQL (IP, tijiao, yemian) values ('& IP &', '& Brown &', '& thispage &') "
Cmd. activeconnection. Close
Response. Write " <Font color = Red> please do not try SQL injection! </Font> <p> "
Response. Write " Your information has been recorded <br> "
Response. Write " Your IP Address: " & IP & " <Br> "
Response. Write " Submission method: " & Brown & " <Br> "
Response. Write " Submit page: " & Thispage & " <P> "
Response. Write " Please be a legal viewer. do not violate the law. Thank you for your cooperation! <P> "
Response. Write " [Specially prepared by umbrella network security team] "
Response. End
End If
Next
Next
End If
% >