首页->防止ASP注入代码
Response.Buffer = True '缓存页面
'防范get注入
If Request.QueryString <> "" Then StopInjection(Request.QueryString)
'防范post注入
If Request.Form <> "" Then StopInjection(Request.Form)
'防范cookies注入
If Request.Cookies <> "" Then StopInjection(Request.Cookies)
'正则子函数
Function StopInjection(Values)
Dim regEx
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
Dim sItem, sValue
For Each sItem In Values
sValue = Values(sItem)
If regEx.Test(sValue) Then
Response.Write "<Script Language=javascript>alert('非法注入!你的行为已被记录!!');history.back(-1);</script> "
Response.End
End If
Next
Set regEx = Nothing
End function
'post过滤sql注入代防范及HTML防护开始
function nosql(str)
if not isnull(str) then
str=trim(str)
str=replace(str,";",";") '分号
str=replace(str,"'","'") '单引号
str=replace(str,"""",""") '双引号
str=replace(str,"chr(9)"," ") '空格
str=replace(str,"chr(10)","<br>") '回车
str=replace(str,"chr(13)","<br>") '回车
str=replace(str,"chr(32)"," ") '空格
str=replace(str,"chr(34)",""") '双引号
str=replace(str,"chr(39)","'") '单引号
str=Replace(str, "script", "script")'jscript
str=replace(str,"<","<") '左<
str=replace(str,">",">") '右>
str=replace(str,"(","(") '左(
str=replace(str,")",")") '右)
str=replace(str,"--","--") 'SQL注释符
str=replace(str,"net user","")
str=replace(str,"xp_cmdshell","")
str=replace(str,"/add","")
str=replace(str,"exec%20master.dbo.xp_cmdshell","")
str=replace(str,"net localgroup administrators","")
str=replace(str,"select","")
str=replace(str,"count","")
str=replace(str,"asc","")
str=replace(str,"char","")
str=replace(str,"mid","")
str=replace(str,":","")
str=replace(str,"insert","")
str=replace(str,"delete","")
str=replace(str,"drop","")
str=replace(str,"truncate","")
str=replace(str,"from","")
str=replace(str,"%","")
nosql=str
end if
end function