Wapls_sqlin.asp
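<%
'==================================
'= File:        wapls_sqlin.asp
'= Applies to:  蓝色世纪WAP网站管理系统(CMS) V1.1
'= Vendor:      http://www.songfr.cn
'= Purpose:     Reject requests whose form or query-string parameters contain
'=              a blocklisted SQL fragment, record the attempt in wapls_SqlIn,
'=              and optionally lock the client IP out of the site.
'= Author:      蓝色阳光
'= Released:    2007-02-01
'==================================
' This file is an include. It relies on names defined elsewhere and not
' visible here: `conn` (an open ADO connection), `sqlin_ok` and `sqlin_ok1`
' (CMS configuration values) and `outHTM()`. It cannot run on its own.
'
' NOTE(review): substring matching against a keyword blocklist is not a
' substitute for parameterised queries. It misses encoded payloads and it
' rejects legitimate input (any value containing "and", "or", "(" ...).
' Pages that consume these parameters must still escape or parameterise them.

'-------- definitions -------------
' wapls_db / wapls_dbstr are declared here but not used in this file; they are
' kept because other includes may depend on the declaration.
Dim wapls_Post,wapls_Get,wapls_In,wapls_Inf,wapls_Xh,wapls_db,wapls_dbstr,Kill_IP,WriteSql,wapls_LockIp
' Blocklisted fragments separated by "|"; matched case-insensitively as substrings.
wapls_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|truncate|char|declare|or"
Kill_IP=True    ' deny requests from IPs that have a kill_ip=true row in wapls_SqlIn
WriteSql=True   ' record blocked attempts in wapls_SqlIn
wapls_Inf = split(wapls_In,"|")

' Returns True when `value` contains any blocklisted fragment.
' The value is lower-cased first so the (lower-case) blocklist matches
' regardless of the casing the client used.
Function wapls_Matches(value)
    Dim lowered, i
    wapls_Matches = False
    lowered = LCase(value)
    For i = 0 To Ubound(wapls_Inf)
        If Instr(lowered, wapls_Inf(i)) <> 0 Then
            wapls_Matches = True
            Exit Function
        End If
    Next
End Function

' Records a blocked attempt in wapls_SqlIn unless this IP already has a
' kill_ip=true row. `lockIp` becomes the new row's Kill_ip flag, i.e. whether
' the IP is refused on its next request (see the locked-IP check below).
Sub wapls_LogAttempt(method, paramName, paramValue, lockIp)
    Dim sql, rs
    ' REMOTE_ADDR is taken from the connection, not from client-supplied
    ' request data, and a plain IP address cannot contain a quote.
    sql = "select * from wapls_SqlIn where Sqlin_IP='" & Request.ServerVariables("REMOTE_ADDR") & "' and kill_ip=true"
    set rs = server.createobject("adodb.recordset")
    rs.open sql, conn, 1, 3
    if rs.eof or rs.bof then
        rs.addnew
        rs("Sqlin_IP") = Request.ServerVariables("REMOTE_ADDR")
        rs("SqlIn_Web") = Request.ServerVariables("URL")
        rs("SqlIn_FS") = method
        rs("SqlIn_CS") = paramName
        ' Stored with single quotes doubled, as the original did. The recordset
        ' assignment needs no SQL escaping, so the saved text differs from what
        ' was submitted; kept unchanged because other pages may rely on it.
        rs("SqlIn_SJ") = replace(paramValue, "'", "''")
        rs("Kill_ip") = lockIp
        rs.update
    end if
    ' Close on every path. The original closed only after inserting, so an
    ' already-recorded IP left the recordset open until Response.End.
    rs.close: set rs = nothing
End Sub

' Writes the WML error card describing the blocked request and ends the
' response. The parameter name and value are client-controlled and are echoed
' back, so they are encoded; written raw (as the original did) they would let
' the client inject markup into the card.
Sub wapls_Deny(method, paramName, paramValue)
    Response.Write "<card title=""访问出错了""><p>请不要在参数中包含非法字符尝试注入!"
    Response.Write "非法操作!系统做了如下记录↓<br/>"
    Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br/>"
    Response.Write "操作时间:"&Now&"<br/>"
    Response.Write "操作页面:"&Server.HTMLEncode(Request.ServerVariables("URL"))&"<br/>"
    Response.Write "提交方式:"&method&"<br/>"
    Response.Write "提交参数:"&Server.HTMLEncode(paramName)&"<br/>"
    Response.Write "提交数据:"&Server.HTMLEncode(paramValue)
    Response.write "<br/><anchor><prev/>返回上级</anchor></p></card></wml>"
    Response.End
End Sub

'-------- POST part ---------------
If Request.Form<>"" Then
    For Each wapls_Post In Request.Form
        If wapls_Matches(Request.Form(wapls_Post)) Then
            ' POST attempts are recorded but never lock the IP: the original
            ' tested sqlin_ok=2 here, but both branches set Kill_ip to False.
            If WriteSql=True Then
                Call wapls_LogAttempt("POST", wapls_Post, Request.Form(wapls_Post), False)
            End If
            Call wapls_Deny("POST", wapls_Post, Request.Form(wapls_Post))
        End If
    Next
End If

'-------- GET part ----------------
If Request.QueryString<>"" Then
    For Each wapls_Get In Request.QueryString
        ' The literal "<br><li>" is stripped before matching, as the original
        ' did; the reason is not documented.
        If wapls_Matches(Replace(LCase(Request.QueryString(wapls_Get)),"<br><li>","")) Then
            If WriteSql=True Then
                ' sqlin_ok=2 means "filter, but do not lock the IP"; any other
                ' value locks the IP on a GET attempt.
                If sqlin_ok=2 Then
                    wapls_LockIp = False
                Else
                    wapls_LockIp = True
                End If
                Call wapls_LogAttempt("GET", wapls_Get, Request.QueryString(wapls_Get), wapls_LockIp)
            End If
            Call wapls_Deny("GET", wapls_Get, Request.QueryString(wapls_Get))
        End If
    Next
End If

'-------- locked-IP check ---------
' Refuses the request outright when this IP has a kill_ip=true row.
If Kill_IP=True Then
    Dim cur_IP,rsKill_IP,Kill_IPsql,wapls_Locked
    cur_IP=Request.ServerVariables("REMOTE_ADDR")
    Kill_IPsql="select Sqlin_IP from wapls_SqlIn where Sqlin_IP='"&cur_IP&"' and kill_ip=true"
    set rsKill_IP=server.createobject("adodb.recordset")
    rsKill_IP.open Kill_IPsql,conn,1,1
    wapls_Locked = Not(rsKill_IP.eof or rsKill_IP.bof)
    ' Release the recordset before the response may end (the original ended
    ' with it still open when the IP was locked).
    rsKill_IP.close:set rsKill_IP=nothing
    If wapls_Locked Then
        Response.write "<card title=""访问出错了!!""><p>"
        response.write outHTM(sqlin_ok1)   ' lock-out message built by the CMS; defined elsewhere
        Response.write "</p></card></wml>"
        Response.End
    End If
End If
%>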