hzhost·Àasp¹¥»÷º¯Êý
hzhost·Àasp¹¥»÷º¯Êý
Function SafeRequest(ParaName)
Dim ParaValue
ParaValue=Request(ParaName)
if IsNumeric(ParaValue) then
SafeRequest=ParaValue
exit Function
else
ParaValuetemp=lcase(ParaValue)
tempvalue="select
|insert |delete from|'|count(|drop table|update |truncate
|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup
administrators|net user| or | and |%20from"
temps=split(tempvalue,"|")
for mycount=0 to ubound(temps)
if Instr(ParaValuetemp,temps(mycount)) > 0 then
call errorpage(-2,"·Ç·¨ÇëÇ󣡣¡£¡")
response.end
end if
next
SafeRequest=ParaValue
end if
End function
'=================
Ïà¹ØÎĵµ£º
±¾»úip[¿Í»§¶Ë]:
request.servervariables("remote_addr")
´ÓÄĸöÒ³Ãæתµ½µ±Ç°Ò³ÃæµÄ£º
Request.ServerVariables("HTTP_REFERER")
µÃµ½±¾Ò³µØÖ·£º
<%="http://" + Request.ServerVariables("SERVER_NAME") + ":" + Request.ServerVariables("SERVER_PORT") + reques ......
ActiveConnection ÉèÖûò·µ»ØCommand¶ÔÏóµÄÁ¬½ÓÐÅÏ¢£¬¸ÃÊôÐÔ¿ÉÒÔÊÇÒ»¸öConnection¶ÔÏó»òÁ¬½Ó×Ö·û´®¡£
CommandText ÉèÖûò·µ»Ø¶ÔÊý¾ÝÔ´µÄÃüÁî´®£¬Õâ¸ö´®¿ÉÒÔÊÇSQLÓï¾ä¡¢±í¡¢´¢´æ¹ý³Ì»òÊý¾ÝÌṩÕßÖ§³ÖµÄÈÎ ºÎÌØÊâÓÐЧµÄÃüÁîÎı¾¡£
Prepared Ìá³öÔÚµ÷ÓÃCommand¶ÔÏóµÄExecute·½·¨Ê±£¬ÊÇ·ñ½«²éѯµÄ±àÒë½á¹û´¢´æÏÂÀ´¡£Èç¹û½«¸ ......
1 Ç°ÑÔ
2 ¼òÊöÈý²ã¼Ü¹¹
3 ½¨Á¢Õ¾µãµÄ´óÌå½á¹¹
3.1 ´úÂëĿ¼
3.2 Ê× ......
¶ÔÓÚÈý²ã¼Ü¹¹µÄ¸ÅÄîÐÔÒâÒå,ÍøÂçÉÏÓкܶàרÎÄ̽ÌÖ,ÈôÏëÉîÈëÁ˽â,¿ÉÒÔ×ÔÑ°½â´ð.±¾ÎĽö×÷ΪһÖÖÓ¦ÓÃÐÔ̽ÌÖ,½²µÄ¸ü¶àµÄÊÇʵÏÖµÄϸ½Ú.
¼òµ¥µØ½²,Èý²ã¼Ü¹¹Êǽ«´úÂë°´Æä×÷Ó÷ֳÉÈý²¿·Ö,ÿ²¿·Ö½â¾ö×Ô¼º¸ºÔðµÄÁ÷³Ì.
´Ó±íÈëÉî,·Ö±ðÊÇ:
½çÃæ²ã-UI&nb ......
ºÜ¶àSOHOER¶¼Ï£ÍûÓиö×Ô¼ºµÄÍøÕ¾,¶ø¶ÔÍøÕ¾½¨ÉèÒ»ÎÞËùÖª,»òÕßÒ»Öª°ë½â.½ñÌìÎÒÏȽ²³ÌÐò·½ÃæµÄÇø±ð,ÏàÐźܶàÈËÅöµ½ÁËÓÐЩ¹«Ë¾Ëµphp±ÈAsp,Asp.Net¶¼ÒªºÃ,»òÕßAsp±ÈÆäËûÓïÑÔ¶¼ÒªºÃ¡£Æäʵ,³ÌÐòµÄÓÅÂÔÓëÍøÕ¾¿ª·¢ÈËÔ±µÄ¾Ñé\¼¼ÊõˮƽÏà¹Ø£¬¶øÓïÑÔ±¾Éí²¢Ã»ÓÐʲôÓÅÂÔÖ®·Ö.¾Ñé¶àµÄ³ÌÐòÔ±,²»¹ÜʹÓõÄÄ ......
