名客技术网

ASP code to prevent XSS attacks and SQL injection

Author: site editor    Time: 2019-03-08 11:03:43
<%
' Request filter: checks the query string, the Referer header, cookies and
' form fields against regex blocklists and ends the response on a match.
' On Error Resume Next suppresses runtime errors, so an error raised inside
' the filter does not stop the request.
On Error Resume Next
if request.querystring<>"" then call stophacker(request.querystring,"'|\b(alert|confirm|prompt)\b|<[^>]*?>|^\+/v(8|9)|\bonmouse(over|move)=\b|\b(and|or)\b.+?(>|<|=|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if Request.ServerVariables("HTTP_REFERER")<>"" then call test(Request.ServerVariables("HTTP_REFERER"),"'|\b(and|or)\b.+?(>|<|=|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
if request.Cookies<>"" then call stophacker(request.Cookies,"\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")
call stophacker(request.Form,"^\+/v(8|9)|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)")

' Checks a single string (used for the Referer header) against pattern re.
' The message written on a match reads: "Your submission contains illegal
' parameters, thank you for your cooperation!"
function test(values,re)
    dim regex
    set regex=new regexp
    regex.ignorecase = true
    regex.global = true
    regex.pattern = re
    if regex.test(values) then
        Response.Write("<div style='position:fixed;top:0px;width:100%;height:100%;background-color:white;color:green;font-weight:bold;border-bottom:5px solid #999;'><br>您的提交带有不合法参数,谢谢合作!<br><br></div>")
        Response.end
    end if
    set regex = nothing
end function

' Checks every value of a request collection (query string, cookies, form)
' against pattern re. The pattern is compiled once and each key is visited
' once; the original looped over the collection twice, nested.
function stophacker(values,re)
    dim l_get, l_get2, regex
    set regex = new regexp
    regex.ignorecase = true
    regex.global = true
    regex.pattern = re
    for each l_get in values
        l_get2 = values(l_get)
        if regex.test(l_get2) then
            Response.Write("<div style='position:fixed;top:0px;width:100%;height:100%;background-color:white;color:green;font-weight:bold;border-bottom:5px solid #999;'><br>您的提交带有不合法参数,谢谢合作!<br><br></div>")
            Response.end
        end if
    next
    set regex = nothing
end function
%>
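The following added example is not part of the original page: it runs the query-string and form patterns of the filter above, with their `\b`, `\s`, `\*` and `\+` escapes written out, against constructed inputs to show what gets rejected. It assumes VBScript's RegExp accepts the same ECMAScript-style syntax as JavaScript; `firstBlocked`, `report` and the sample values are hypothetical names and data introduced here.

```javascript
// Added example, not from the original page. Assumption: VBScript's RegExp
// accepts the same ECMAScript-style pattern syntax as JavaScript's RegExp.
const COMMON =
  String.raw`/\*.+?\*/|<\s*script\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|` +
  String.raw`INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|` +
  String.raw`(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)`;

// ignorecase = true on the page maps to the "i" flag here.
const FILTERS = {
  query: new RegExp(
    String.raw`'|\b(alert|confirm|prompt)\b|<[^>]*?>|^\+/v(8|9)|` +
    String.raw`\bonmouse(over|move)=\b|` +
    String.raw`\b(and|or)\b.+?(>|<|=|\bin\b|\blike\b)|` + COMMON, "i"),
  // The form pattern also lists <img; alternation order does not affect a match.
  form: new RegExp(
    String.raw`^\+/v(8|9)|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|` +
    String.raw`<\s*img\b|` + COMMON, "i"),
};

// Mirrors stophacker(): the request is rejected if any one value matches.
// firstBlocked and report are hypothetical helper names for this example.
function firstBlocked(params, filter) {
  for (const [name, value] of Object.entries(params)) {
    const m = filter.exec(value);
    if (m) return { name, matched: m[0] };
  }
  return null;
}

// Constructed sample requests, not taken from real traffic.
const SAMPLES = [
  { kind: "query", params: { id: "1 UNION SELECT name FROM users" } },
  { kind: "query", params: { q: "<script>alert(1)</script>" } },
  { kind: "query", params: { name: "O'Brien" } },
  { kind: "form", params: { note: "Please select a ticket from the list" } },
  { kind: "form", params: { note: "Meeting moved to Tuesday" } },
];

function report() {
  return SAMPLES.map(({ kind, params }) => {
    const hit = firstBlocked(params, FILTERS[kind]);
    return { kind, params, blocked: hit !== null, matched: hit && hit.matched };
  });
}

for (const row of report()) {
  console.log(row.kind, JSON.stringify(row.params), row.blocked, row.matched);
}
```

The third and fourth samples are ordinary input (a surname with an apostrophe, a sentence containing "select ... from") that the filter rejects along with the first two.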