|
在网上搜索了N个通用防注射代码,都没过滤COOKIES,这个过滤比较严格,GET,POST,COOKIES都过滤了,过滤的字符串大家可以自己修改。
===========FY.ASP===========
<%
'通用防注入系统Flyaway修改版!
'修改自枫之秋通用防注入系统,加了cookies防注射,个人认为防注入没有必要封人家ip,毕竟大家都是网上混的!
'也没有必要搞个数据库拖儿带女的,也没有必要搞个后台,够麻烦的。
'使用方法很简单,,
'只要在需要防注入的页面头部用
'<!--#Include File="fy.Asp"-->
'就可以做到页面防注入~~
'如果想整站防注,就在网站的一个公用文件中,如数据库链接文件conn.asp中!
'添加<!--#Include File="fy.Asp"-->来调用本软件
'--------定义部份------------------
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa
On Error Resume Next
Fy_In = "'|and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare|--|script"
aa="281654398.txt" '------------------------------------------如入侵记录保存文件,这里最好改一下,呵呵!
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cook'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "呵呵!等着警察叔叔请你喝茶吧!你试图攻击本站!<br>"
Response.Write "呵呵!等着警察叔叔请你喝茶吧,如果你没有能力清除日志的话!QQ:156544632<br><hr>"
Response.End
end Sub
%>
=========END========== |
|