<%
asp防注入之解决方案
特殊页面处理
因为有些页通过流式传递(比如含有文件上传的表单)
如果单一使用穷举form对象的操作就会出错
所以要把这些页面过滤出来,同时在页面中使用sql(“检测的字串”)才行
垃圾猪zero@new57.com
http://blog.csdn.net/cfaq
源码下载http://www.new57.com/softback/sql.rar
将本页用include方法放在头部以让所有页都可以调用,比如include在conn.asp里
如果有流式上传的页面请把该页加到表page中,以防form冲突
dim n_no,n_noarray,req_qs,req_f,n_i,n_dbstr,conn,n_rs,n_userip,n_thispage
n_userip = request.servervariables(“remote_addr”)
n_thispage = lcase(request.servervariables(“url”))
n_no = “|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare” 可以自己修改怀疑是注入操作的字串
n_noarray = split(lcase(n_no),”|”)
call dbopen()
call n_check_qs()
call n_checkpage()
call dbclose()
检测当前页是否是特殊页是就调用 n_check_form()
sub n_checkpage()
set n_rs = server.createobject(“adodb.recordset”)
n_rs.open “select * from page where spcpage like %”&n_thispage&”%”,conn,1,1
if (n_rs.eof and n_rs.bof) then
call n_check_form()
end if
n_rs.close()
set n_rs = nothing
end sub
检测给定字串
sub n_sql(agsql)
这里是不记录数据库,如果要改请自己修改
n_check “cus”,req_qs,”other”
end sub
检测request.form
sub n_check_form()
if request.form<>”” then
for each req_f in request.form
n_check req_f,request.form(req_f),”post”
next
end if
end sub
检测request.querystring
sub n_check_qs()
if request.querystring<>”” then
for each req_qs in request.querystring
n_check req_qs,request.querystring(req_qs),”get”
next
end if
end sub
检测
sub n_check(ag,agsql,sqltype)
for n_i=0 to ubound(n_noarray)
if instr(lcase(agsql),n_noarray(n_i))<>0 then
call n_regsql(ag,agsql,sqltype)
response.write “mo”
end if
next
end sub
记录并停止输出
ag 名称
agsql 内容
sqltype 类型
sub n_regsql(ag,agsql,sqltype)
if(sqltype<>”other”) then
conn.execute(“insert into sqlin(sqlin_ip,sqlin_web,sqlin_fs,sqlin_cs,sqlin_sj) values(“&n_userip&”,”&n_thispage&”,”&sqltype&”,”&ag&”,”&agsql&”)”)
end if
response.write “<script language=javascript>alert(请不要在参数中包含非法字符尝试注入!);</script>”
response.write “<span style=font-size:12px>非法操作!系统做了如下记录↓<br>”
response.write “操作ip:”&n_userip&”<br>”
response.write “操作时间:”&now&”<br>”
response.write “操作页面:”&n_thispage&”<br>”
response.write “提交方式:”&sqltype&”<br>”
response.write “提交参数:”&ag&”<br>”
response.write “提交数据:”&agsql&”</span>”
response.end
end sub
sub dbopen()
n_dbstr=”dbq=”+server.mappath(“sql.mdb”)+”;defaultdir=;driver={microsoft access driver (*.mdb)};”
set conn=server.createobject(“adodb.connection”)
conn.open n_dbstr
end sub
sub dbclose()
conn.close
set conn = nothing
end sub
%>