hzhost function for defending against ASP attacks
Function SafeRequest(ParaName)
    ' Reads one request parameter and rejects values containing blacklisted
    ' SQL / command fragments. Purely numeric values are returned untouched.
    Dim ParaValue, ParaValuetemp, tempvalue, temps, mycount
    ParaValue = Request(ParaName)
    If IsNumeric(ParaValue) Then
        SafeRequest = ParaValue
        Exit Function
    Else
        ' Lower-case the value so the substring checks below are case-insensitive
        ParaValuetemp = LCase(ParaValue)
        ' Blacklist, separated by "|". Note the trailing space on "select ",
        ' "insert ", "update ", "truncate " and the surrounding spaces on " or " / " and ".
        tempvalue = "select |insert |delete from|'|count(|drop table|update |truncate |asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators|net user| or | and |%20from"
        temps = Split(tempvalue, "|")
        For mycount = 0 To UBound(temps)
            If InStr(ParaValuetemp, temps(mycount)) > 0 Then
                Call errorpage(-2, "Illegal request!!!")
                Response.End
            End If
        Next
        SafeRequest = ParaValue
    End If
End Function
'=================
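SafeRequest is a blacklist, and blacklists are bypassable: several tokens carry fixed spacing ("select " only matches "select" followed by a space, " or " needs a space on both sides), and the list says nothing about union, SQL comments or alternative whitespace, so a payload that uses /**/ or a parenthesis as the separator passes the check and still changes the query. The Python example below is added by the editor and is not part of the original post or of hzhost. It ports the filter's token list and lowercase-substring check, runs a few constructed inputs through it, and then uses the survivors against an in-memory SQLite table both the way the ASP site would (string concatenation after the check) and with a bound parameter, which is the fix the filter cannot substitute for. The users table, its rows and the payloads are constructed for the demo; VBScript's IsNumeric is approximated with a regular expression.

```python
"""Editor's port of the hzhost SafeRequest() blacklist, with bypass and fix.

Added example, not the original ASP code. The users table, its rows and the
payloads are constructed for this demonstration.
"""
import re
import sqlite3

# Token list copied from the VBScript string and split on "|" exactly as the
# original does. Several entries carry leading/trailing spaces: "select " only
# matches "select" followed by a space, " or " needs a space on both sides.
BLACKLIST = (
    "select |insert |delete from|'|count(|drop table|update |truncate "
    "|asc(|mid(|char(|xp_cmdshell|exec master|net localgroup administrators"
    "|net user| or | and |%20from"
).split("|")


def is_numeric(value):
    """Approximation of VBScript IsNumeric: optional sign, integer or decimal."""
    return re.fullmatch(r"\s*[+-]?(\d+\.?\d*|\.\d+)\s*", value) is not None


def safe_request(value):
    """Python equivalent of SafeRequest(): return the value unchanged, or raise
    where the ASP code would call errorpage(-2, ...) and Response.End."""
    if is_numeric(value):
        return value
    lowered = value.lower()                      # same as LCase()
    for token in BLACKLIST:
        if token in lowered:                     # same as InStr(...) > 0
            raise ValueError("Illegal request: %r matched %r" % (value, token))
    return value


def filter_allows(value):
    """True if the original filter would let `value` through unchanged."""
    try:
        safe_request(value)
        return True
    except ValueError:
        return False


def demo_db():
    """Constructed in-memory table standing in for the site's SQL data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER, name TEXT, password TEXT);"
        "INSERT INTO users VALUES (1, 'alice', 'hunter2');"
        "INSERT INTO users VALUES (2, 'bob', 's3cret');"
    )
    return conn


def lookup_concat(conn, user_input):
    """The pattern the filter is meant to protect: check, then concatenate.
    Anything that survives the blacklist becomes part of the SQL text."""
    value = safe_request(user_input)
    sql = "SELECT name FROM users WHERE id=" + value
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, user_input):
    """Hardened form: the value is bound as a parameter, so it is only ever
    compared against id and can never extend the statement."""
    sql = "SELECT name FROM users WHERE id=?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


# Constructed inputs: the first two trip the blacklist, the last two do not.
CAUGHT = ["1 or 1=1", "1; drop table users"]
BYPASS = [
    "0 union select/**/password/**/from/**/users",  # comments instead of spaces
    "1 or(1=1)",                                   # no space after "or"
]

if __name__ == "__main__":
    conn = demo_db()
    for p in CAUGHT + BYPASS:
        print("%-45s allowed=%s" % (p, filter_allows(p)))
    for p in BYPASS:
        print("concat :", p, "->", lookup_concat(conn, p))
        print("param  :", p, "->", lookup_param(conn, p))
```

Run stand-alone, the script shows the two bypass payloads passing the filter, the concatenated query leaking every password (first payload) or every row (second), and the parameterised query returning nothing for both. For a parameter that is supposed to be an integer id, converting it with int() before binding is the cheapest additional check; the blacklist adds nothing once the value is bound rather than concatenated.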
Cited from:
http://www.17558.net/cmd.asp?act=tb&id=16&key=43840
Original URL: http://www.17558.net/post/16.html