Ò»¸öasp·Å×¢È뺯Êý
sub aspsql()
SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
response.write "<mce:script language='javascript'><!--
"
response.write "alert('ÍøÕ¾°²È«Ìáʾ£ºÇë²»ÒªÔÚ²ÎÊýÖаüº¬·Ç·¨×Ö·û£¡');"
response.write "location.href='javascript:history.go(-1)';"
response.write "
// --></mce:script>"
response.end
end if
next
next
end if
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
response.write "<mce:script language='javascript'><!--
"
response.write "alert('ÍøÕ¾°²È«Ìáʾ£ºÇë²»ÒªÔÚ²ÎÊýÖаüº¬·Ç·¨×Ö·û£¡');"
response.write "location.href='javascript:history.go(-1)';"
response.write "
// --></mce:script>"
response.end
end if
next
Next
end If
end sub
Ïà¹ØÎĵµ£º
Ò³Ãæ×Ô¶¯Ë¢Ð´úÂë´óÈ«£¬»ù±¾ÉÏËùÓÐÒªÇó×Ô¶¯Ë¢ÐÂÒ³ÃæµÄ´úÂ붼ÓУ¬´ó¼Ò¿ÉÒÔ×ÔÓÉ·¢»Ó×ö³öÍêÃÀµÄÒ³Ãæ¡£
1)
10±íʾ¼ä¸ô10ÃëË¢ÐÂÒ»´Î
2)
<script>
window.location.reload(true);
</script>
Èç¹ûÊÇÄãҪˢÐÂijһ¸öiframe¾Í°Ñwindow¸ø»»³ÉframeµÄÃû×Ö»òIDºÅ
3)
<script>
window.navigate("±¾Ò³Ãæurl"); ......
̽Ë÷Èí¼þ¹¤×÷ÊÒ³¤ÆÚרҵ³Ð½ÓÖÐСÐÍÉÌÒµÈí¼þ»òÍøÕ¾£¬×îÓŻݵļ۸ñºÍ¸ßÖÊÁ¿µÄ·þÎñÆÚ´ýÄúµÄ»Ý¹Ë£¡
±¾¹¤×÷ÊÒ³Ð½Ó JSP ASP VB PB LotusNotes µÈÓïÑÔÒªÇóµÄÓ¦ÓÃϵͳ¿ª·¢ÒµÎñ
java jspʵսԴ³ÌÐò´úÂë:
......
¶¯Ì¬ÍøÒ³¿ª·¢——ASPÁ¬½ÓSQL2005Êý¾Ý¿â
˵Ã÷£ºa¡¢ÒÔÏÂ×Ö·ûÖÐÊý¾Ý¿âÃûforum£¬Êý¾Ý¿â·þÎñÆ÷ÃûWWW-2443D34E558\SQL2005£¨»òÕß127.0.0.1£©
b¡¢²é¿´sqlÊý¾Ý¿â·þÎñÆ÷Ãû³Æ£º¶ÔÏó×ÊÔ´¹ÜÀíÆ÷->Êý¾Ý¿â->ÓÒ¼üµã»÷×Ô¼º½¨µÄÊý¾Ý¿â->ÊôÐÔ->ȨÏÞ
c¡¢Provider=sqlncliÒ²¿ÉÒÔ,UIDÓë“=”Ö®¼ä²»¿ÉÒÔ ......
Ò³ÃæÉúÃüÖÜÆÚ
Ò³ ÃæÉúÃüÖÜÆÚÖ´ÐÐһϵÁв½Ö裺ҳÃæµÄ³õʼ»¯¡¢ÊµÀý»¯¿Ø¼þ¡¢»¹ÔºÍά»¤×´Ì¬¡¢ÔËÐÐʼþ´¦Àí³ÌÐò´úÂë¡¢³ÊÏÖ¡£ÎªÁËÔÚºÏÊʵĽ׶ÎÖ´ÐÐËùÐèµÄ´úÂ룬ËùÒÔÒª¶ÔÒ³ÃæÉúÃü ÖÜÆڷdz£ÊìϤ¡£ÔÚÒ³ÉúÃüÖÜÆڵĸ÷¸ö½×¶Î£¬Ò³Ãæ»áÖð¸öÒý·¢¶¨ÒåµÄʼþ£¬Í¨¹ý¶Ô´úÂ뿪·¢£¬ÔÚÒ³ÃæµÄÉúÃüʼþÖÐÖ´ÐÐÎÒÃÇËùÐèÒªµÄ³ÌÐò
Ò³ÉúÃüÖÜÆڽ׶Î
1¡ ......
1.·Å×¢È뺯Êý
sub aspsql()
SQL_injdata = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
SQL_inj = split(SQL_Injdata,"|")
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post) ......
