BlogJava-生客-文章分类-WebServicehttp://www.blogjava.net/skllb/category/2003.html活着就要学习zh-cnFri, 02 Mar 2007 03:21:33 GMTFri, 02 Mar 2007 03:21:33 GMT60ASP防注入文件http://www.blogjava.net/skllb/articles/7807.html生客生客Fri, 15 Jul 2005 17:47:00 GMThttp://www.blogjava.net/skllb/articles/7807.htmlhttp://www.blogjava.net/skllb/comments/7807.htmlhttp://www.blogjava.net/skllb/articles/7807.html#Feedback0http://www.blogjava.net/skllb/comments/commentRss/7807.htmlhttp://www.blogjava.net/skllb/services/trackbacks/7807.html
写ASP的时候对每个变量都要过滤是件很痛苦的事, 这也造成了很多的ASP程序有Injection漏洞, 所以写了这个东东
<%
'InjectionCheck 1.0版'
'author: SK '
'Email: shengkellb@163.com'
'Notice: You can use and edit it by yourself, it is free!'
%>
<%
function ExceptionError
 Response.write "<script language='javascript'>"
   Response.write "alert('请检查您输入的数据是否含有非法字符串,谢谢!');"
    Response.write "history.go(-1);"
    Response.write "</script>"
End function
 
function validata(input)
 bad_strings = Array("'", "select", "union", "insert", "drop", ";", "update")
 for each element in bad_strings
  if(InStr(input, element)<>0) then
   validata = false
   exit function
   End if
 next
 validata = true
End function

function InjectionCheck
 for each input in Request.QueryString
  if not validata(LCase(Request.QueryString(input))) then
   ExceptionError
   exit function
   End if
 next
 for each input in Request.Form
  if not validata(LCase(Request.Form(input))) then
   ExceptionError
   exit function
   End if
 next
End function
%>



生客 2005-07-16 01:47 发表评论
]]>