标题:网页防注入代码
只看楼主
toniodeng
Rank: 1
等 级:新手上路
帖 子:3
专家分:0
注 册:2009-12-28
结帖率:0
已结贴  问题点数:20 回复次数:1 
网页防注入代码
谁有?请传个谢谢
42411211
搜索更多相关主题的帖子: 网页 
2012-05-30 10:13
coretear
Rank: 4
等 级:业余侠客
威 望:1
帖 子:102
专家分:244
注 册:2012-6-5
得分:20 
Function CheckSql() '防止SQL注入
    Dim HT_SQL_Injdata  
    HT_SQL_Injdata = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = split(HT_SQL_Injdata,"|")
    If Request.QueryString<>"" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language='javascript'>{alert('请不要在参数中包含非法字符!');history.back(-1)}</Script>"
                    Response.end
                end if
            next
        Next
    End If
    If Request.Form<>"" Then
        For Each Sql_Post In Request.Form
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language='javascript'>{alert('请不要在参数中包含非法字符!');history.back(-1)}    </Script>"
                    Response.end
                end if
            next
        next
    end if
End Function

Function CheckStr(byVal ChkStr) '检查无效字符
    Dim Str:Str=ChkStr
    Str=Trim(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Dim re
    Set re=new RegExp
    re.IgnoreCase =True
    re.Global=True
    re.Pattern="(\r\n){3,}"
    Str=re.Replace(Str,"$1$1$1")
    Set re=Nothing
    Str = Replace(Str,"'","''")
    Str = Replace(Str, "select", "select")
    Str = Replace(Str, "join", "join")
    Str = Replace(Str, "union", "union")
    Str = Replace(Str, "where", "where")
    Str = Replace(Str, "insert", "insert")
    Str = Replace(Str, "delete", "delete")
    Str = Replace(Str, "update", "update")
    Str = Replace(Str, "like", "like")
    Str = Replace(Str, "drop", "drop")
    Str = Replace(Str, "create", "create")
    Str = Replace(Str, "modify", "modify")
    Str = Replace(Str, "rename", "rename")
    Str = Replace(Str, "alter", "alter")
    Str = Replace(Str, "cast", "cast")
    CheckStr=Str
End Function

Function UnCheckStr(Str) '检查非法sql命令
        Str = Replace(Str, "select", "select")
        Str = Replace(Str, "join", "join")
        Str = Replace(Str, "union", "union")
        Str = Replace(Str, "where", "where")
        Str = Replace(Str, "insert", "insert")
        Str = Replace(Str, "delete", "delete")
        Str = Replace(Str, "update", "update")
        Str = Replace(Str, "like", "like")
        Str = Replace(Str, "drop", "drop")
        Str = Replace(Str, "create", "create")
        Str = Replace(Str, "modify", "modify")
        Str = Replace(Str, "rename", "rename")
        Str = Replace(Str, "alter", "alter")
        Str = Replace(Str, "cast", "cast")
        UnCheckStr=Str
End Function

Function Checkstr(Str) 'SQL防注入过滤涵数
    If Isnull(Str) Then
    CheckStr = ""
    Exit Function
    End If
    Str = Replace(Str,Chr(0),"", 1, -1, 1)
    Str = Replace(Str, """", """", 1, -1, 1)
    Str = Replace(Str,"<","<", 1, -1, 1)
    Str = Replace(Str,">",">", 1, -1, 1)
    Str = Replace(Str, "script", "script", 1, -1, 0)
    Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
    Str = Replace(Str, "Script", "Script", 1, -1, 0)
    Str = Replace(Str, "script", "Script", 1, -1, 1)
    Str = Replace(Str, "object", "object", 1, -1, 0)
    Str = Replace(Str, "OBJECT", "OBJECT", 1, -1, 0)
    Str = Replace(Str, "Object", "Object", 1, -1, 0)
    Str = Replace(Str, "object", "Object", 1, -1, 1)
    Str = Replace(Str, "applet", "applet", 1, -1, 0)
    Str = Replace(Str, "APPLET", "APPLET", 1, -1, 0)
    Str = Replace(Str, "Applet", "Applet", 1, -1, 0)
    Str = Replace(Str, "applet", "Applet", 1, -1, 1)
    Str = Replace(Str, "[", "[")
    Str = Replace(Str, "]", "]")
    Str = Replace(Str, """", "", 1, -1, 1)
    Str = Replace(Str, "=", "=", 1, -1, 1)
    Str = Replace(Str, "'", "''", 1, -1, 1)
    Str = Replace(Str, "select", "select", 1, -1, 1)
    Str = Replace(Str, "execute", "execute", 1, -1, 1)
    Str = Replace(Str, "exec", "exec", 1, -1, 1)
    Str = Replace(Str, "join", "join", 1, -1, 1)
    Str = Replace(Str, "union", "union", 1, -1, 1)
    Str = Replace(Str, "where", "where", 1, -1, 1)
    Str = Replace(Str, "insert", "insert", 1, -1, 1)
    Str = Replace(Str, "delete", "delete", 1, -1, 1)
    Str = Replace(Str, "update", "update", 1, -1, 1)
    Str = Replace(Str, "like", "like", 1, -1, 1)
    Str = Replace(Str, "drop", "drop", 1, -1, 1)
    Str = Replace(Str, "create", "create", 1, -1, 1)
    Str = Replace(Str, "rename", "rename", 1, -1, 1)
    Str = Replace(Str, "count", "count", 1, -1, 1)
    Str = Replace(Str, "chr", "chr", 1, -1, 1)
    Str = Replace(Str, "mid", "mid", 1, -1, 1)
    Str = Replace(Str, "truncate", "truncate", 1, -1, 1)
    Str = Replace(Str, "nchar", "nchar", 1, -1, 1)
    Str = Replace(Str, "char", "char", 1, -1, 1)
    Str = Replace(Str, "alter", "alter", 1, -1, 1)
    Str = Replace(Str, "cast", "cast", 1, -1, 1)
    Str = Replace(Str, "exists", "exists", 1, -1, 1)
    Str = Replace(Str,Chr(13),"<br>", 1, -1, 1)
    CheckStr = Replace(Str,"'","''", 1, -1, 1)
End Function

Function HTMLEncode(reString) '过滤转换HTML代码
    Dim Str:Str=reString
    If Not IsNull(Str) Then
        Str = UnCheckStr(Str)
        Str = Replace(Str, "&", "&")
        Str = Replace(Str, ">", "&gt;")
        Str = Replace(Str, "<", "&lt;")
        Str = Replace(Str, CHR(32), "&nbsp;")
        Str = Replace(Str, CHR(9), "&nbsp;&nbsp;&nbsp;&nbsp;")
        Str = Replace(Str, CHR(9), "&nbsp;&nbsp;&nbsp;&nbsp;")
        Str = Replace(Str, CHR(34),"")
        Str = Replace(Str, CHR(39),"'")
        Str = Replace(Str, CHR(13), "")
        Str = Replace(Str, CHR(10), "<br>")
        HTMLEncode = Str
    End If
End Function

[ 本帖最后由 coretear 于 2012-6-6 09:40 编辑 ]
2012-06-06 09:34



参与讨论请移步原网站贴子:https://bbs.bccn.net/thread-368268-1-1.html




关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.096777 second(s), 8 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved