·ÅÈëconn.aspÖÐ(¾Ü¾ø¹¥»÷ ÍòÄÜAsp·À×¢Èë´úÂë)

·ÅÈëconn.aspÖÐ(¾Ü¾ø¹¥»÷ ÍòÄÜAsp·À×¢Èë´úÂë)
·ÅÈëconn.aspÖÐ(¾Ü¾ø¹¥»÷ ÍòÄÜAsp·À×¢Èë´úÂë)
µÚÒ»ÖÖ£º
squery=lcase(Request.ServerVariables("QUERY_STRING"))
sURL=lcase(Request.ServerVariables("HTTP_HOST"))
 
SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
 
SQL_inj = split(SQL_Injdata,"|")
 
For SQL_Data=0 To Ubound(SQL_inj)
if instr(squery&sURL,Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQL·À×¢Èëϵͳ"
Response.end
end if
next
µÚ¶þÖÖ£º
 SQL_injdata =":|;|>|<|--|sp_|xp_|\|dir|cmd|^|(|)|+|$|'|copy|format|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
 
SQL_inj = split(SQL_Injdata,"|")
If Request.QueryString<>"" Then
For Each SQL_Get In Request.QueryString
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQLͨÓ÷À×¢Èëϵͳ"
Response.end
end if
next
Next
End If
 
If Request.Form<>"" Then
For Each Sql_Post In Request.Form
For SQL_Data=0 To Ubound(SQL_inj)
if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
Response.Write "SQLͨÓ÷À×¢Èëϵͳ"
Response.end
end if
next
next
end if
Ò»°ãÕâÖÖÎÊÌâÊÇÍøÕ¾ÓЩ¶´£¬ÏµÍ³Â©¶´»òÕßSQL×¢È멶´£¬»òÕßÉÏ´«Îļþ©¶´£¬ÎÒÒ²ÉîÊÜÆä¿à£¬È»¶ø£¬ÈçºÎ·ÀÖ¹ÍøÒ³±»Ð޸ļÓÈë½Å±¾²¡¶¾? ÏÖ½«Õâ¸öÎÊÌâ×ܽá·ÖÏíÒ»ÏÂ.
1¡¢¼òµ¥µÄ²¹¾È´ëÊ©£ºÔÚ·þÎñÆ÷IISÖУ¬°ÑËùÓеÄASP£¬HTMLÎļþµÄÊôÐÔÉèÖÃΪEveryoneÖ»¶Á£¨Ò»°ãÊÇIUSR_£©£¬Ö»°ÑÊý¾Ý¿âµÄȨÏÞÉèÖóɿÉд£¬×¢Ò⣺Èç¹ûÄãûÓзþÎñÆ÷µÄ¹ÜÀíȨÏÞ£¬ÄÇôµÇ¼ÉϵĿռäftp£¬Ñ¡ÖÐÄÇЩ²»ÐèҪдÈëµÄÎļþ»òÎļþ¼Ð£¬ÓÒ¼üµã»÷-ÊôÐÔ£º°ÑÆäÖеÄÈý×éдÈëȨÏÞ¶¼È¡Ïû£¬µ«Èç¹ûÄãÓÐACCESSÊý¾Ý¿â£¬Òª°ÑÊý¾Ý¿âÉè³É¿Éд£¬²»È»¶ÁÊý¾Ýʱ»á³ö´í¡£
2¡¢ÏȰѶñÒâ´úÂëɾµô£¨Ìæ»»µô£©£¬È»ºó°ÑÍøվĿ¼ÏµÄËùÓÐÎļþÈ«²¿ÓÃɱÈíɱÏ ,È»ºóÒ»¸öÒ»¸ö¼ì²éÏÂÊÇ·ñ´æÔÚºóÃÅ.
3¡¢ÔÚÄãµÄ³ÌÐòÀïдÉÏÒÔÏ·À×¢È뺯Êý
 on error resume next   'ÕâÐдúÂë·Åµ½conn.aspµÄµÚÒ»ÐС£
 
'·ÀÖ