<%
dim sql_leach,sql_leach_0,Sql_DATA,IP,Brown
'加入要檢測出的特殊字元---------------------------------------------------------------
sql_leach = "',;,and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare,%20,%70,%5c"
'用SPLIT函數把特殊的字串分割--------------------------------------------------------
sql_leach_0 = split(sql_leach,",")
IP=request.ServerVariables("REMOTE_ADDR") '提取對方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取對方提交方式
Thispage=request.ServerVariables("URL")
'檢測Request.QueryString--------------------------------------------------------------
If Request.QueryString<>"" Then
'迴圈開始,並尋找URL設定的特殊字元----------------------------------------------------
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(sql_leach_0)
if instr(Request.QueryString(SQL_Get),sql_leach_0(Sql_DATA))>0 Then
Set cmd=server.CreateObject("ADODB.COMMAND")
cmd.ActiveConnection = "Provider=Microsoft.Jet.Oledb.4.0;Data source=" & server.mappath("/database/SQL.mdb")
IP=request.ServerVariables("REMOTE_ADDR") '提取對方IP
Brown=request.ServerVariables("REQUEST_METHOD") '提取對方提交方式
Thispage=request.ServerVariables("URL")
cmd.commandtext="insert into SQL(Ip,tijiao,yemian) Values ('&Ip&','&Brown&','&Thispage&')"
cmd.ActiveConnection.close
Response.Write "<font color=red>請不要嘗試進行SQL注入!</font><p>"
Response.Write "你的資訊已被記錄↓<br>"
Response.Write "你的IP:"&IP&"<br>"
Response.Write "提交方式:"&brown&"<br>"
Response.Write "提交頁面:"&Thispage&"<p>"
Response.Write "請你做一位合法的瀏覽者,不要觸犯法律,謝謝合作!<p>"
Response.Write "【UMBRELLA網路安全小組特殊製作】"
Response.end
end if
next
Next
End If
%>
