English
SqlIn.Asp
资源名称:qnmov30.rar [点击查看]
上传用户:qyswxdl
上传日期:2013-06-01
资源大小:1373k
文件大小:3k
源码类别:
家庭/个人应用
开发平台:
ASP/ASPX
- <%
- '--------定义部份------------------
- Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr
- '自定义需要过滤的字串,用 "枫" 分隔
- Fy_In = "'枫;枫and枫exec枫insert枫select枫delete枫update枫count枫*枫%枫chr枫mid枫master枫truncate枫char枫declare枫'"
- '----------------------------------
- %>
- <%
- Fy_Inf = split(Fy_In,"枫")
- '--------POST部份------------------
- If Request.Form<>"" Then
- For Each Fy_Post In Request.Form
- For Fy_Xh=0 To Ubound(Fy_Inf)
- If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
- '--------写入数据库----------头-----
- Fy_dbstr="DBQ="+server.mappath("data/#tk007#com#skyuc#com#2#6.asp")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
- Set Fy_db=Server.CreateObject("ADODB.CONNECTION")
- Fy_db.open Fy_dbstr
- Fy_db.Execute("insert into fuck(userip,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','POST','"&Fy_Post&"','"&replace(Request.Form(Fy_Post),"'","''")&"')")
- Fy_db.close
- Set Fy_db = Nothing
- '--------写入数据库----------尾-----
- Response.Write "<Script Language=JavaScript>alert('由于你尝试注入本站,程序自动封你IP了!请联系管理员');</Script>"
- Response.Write "非法操作!系统做了如下记录↓<br>"
- Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
- Response.Write "操作时间:"&Now&"<br>"
- Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
- Response.Write "提交方式:POST<br>"
- Response.Write "提交参数:"&Fy_Post&"<br>"
- Response.Write "提交数据:"&Request.Form(Fy_Post)
- Response.End
- End If
- Next
- Next
- End If
- '----------------------------------
- '--------GET部份-------------------
- If Request.QueryString<>"" Then
- For Each Fy_Get In Request.QueryString
- For Fy_Xh=0 To Ubound(Fy_Inf)
- If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
- '--------写入数据库----------头-----
- Fy_dbstr="DBQ="+server.mappath("data/#tk007#com#skyuc#com#2#6.asp")+";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
- Set Fy_db=Server.CreateObject("ADODB.CONNECTION")
- Fy_db.open Fy_dbstr
- Fy_db.Execute("insert into fuck(userip,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
- Fy_db.close
- Set Fy_db = Nothing
- '--------写入数据库----------尾-----
- Response.Write "<Script Language=JavaScript>alert('由于你尝试注入本站,程序自动封你IP了!请联系管理员');</Script>"
- Response.Write "非法操作!系统做了如下记录↓<br>"
- Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
- Response.Write "操作时间:"&Now&"<br>"
- Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
- Response.Write "提交方式:GET<br>"
- Response.Write "提交参数:"&Fy_Get&"<br>"
- Response.Write "提交数据:"&Request.QueryString(Fy_Get)
- Response.End
- End If
- Next
- Next
- End If
- %>
