Response.Write "<br>字段名:" & Server.HTMLEncode(sItem)
Response.Write "<br>字段值:" & Server.HTMLEncode(sValue)
%27"()%26%25<zzz> 这个是啥?
字符分解与含义
<%@LANGUAGE="VBSCRIPT"%>
<%
Option Explicit
'<<--
' Page-level database handles. SysPath and dbPath are declared here but not
' assigned anywhere in this file; db receives the physical path of the Access file.
Dim SysPath,dbPath,db
' NOTE(review): the path is mapped from the site root, so the .mdb lives inside
' the web tree — confirm the directory cannot be fetched directly over HTTP.
db=Server.MapPath("/db&shuju913/webdesign99.cn.mdb")
'-->>
'<<--
' A single ADO connection is opened as soon as this file is included; it is
' released by CloseConn further down.
Dim conn,connstr
Set conn = Server.CreateObject("Adodb.Connection")
connstr="Provider=Microsoft.JET.OLEDB.4.0;Data Source="&db
conn.open(connstr)
'-->>
'<<--
Function CloseConn
    ' Close and release the page-level ADO connection that was opened on include.
    ' No return value is assigned; callers use it for its side effect only.
    With conn
        .Close
    End With
    Set conn = Nothing
End Function
'
'Dim conn2,connstr2
'Set conn2 = Server.CreateObject("Adodb.Connection")
'connstr2="Provider=Microsoft.JET.OLEDB.4.0;Data Source="&Server.MapPath("../www/db&shuju913/webdesign99.cn.mdb")
'conn2.open(connstr2)
'Function CloseConn2
'conn2.close
'Set conn2 = Nothing
'
'
'End Function
'
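' Record the referrer and the address of the current page.
' comeUrl    - HTTP_REFERER as sent by the client (untrusted, may be empty)
' thisUrl    - PATH_INFO of the executing script
' thisUrlAll - absolute URL of the current script, with "?id=<id>" appended when
'              an id parameter is present
dim comeUrl,thisUrl,thisUrlAll
comeUrl=Request.ServerVariables("HTTP_REFERER")
thisUrl=request.ServerVariables("PATH_INFO")
' The id value is user-supplied, so it is URL-encoded before being spliced into
' the reconstructed URL (upstream concatenated it raw). Numeric ids are unchanged.
' NOTE(review): SERVER_NAME may reflect the Host header depending on the site
' binding — confirm before using thisUrlAll in redirects or links.
if request("id")<> "" then
    thisUrlAll = "http://"&request.ServerVariables("Server_NAME")&request.ServerVariables("SCRIPT_NAME")&"?id="&Server.URLEncode(request("id"))
else
    thisUrlAll = "http://"&request.ServerVariables("Server_NAME")&request.ServerVariables("SCRIPT_NAME")'全部url
end if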
' Security settings: request-level SQL-keyword screening.
Const EnableStopInjection = True
Dim ScriptName, ErrMsg, FoundErr, UserTrueIP
' Page-wide RegExp instance shared by the filter functions below; every user
' assigns .Pattern before calling it.
Dim regEx, Match, Match2, Matches, Matches2
Set regEx = New RegExp
With regEx
    .IgnoreCase = True
    .Global = True
    .MultiLine = True
End With
ScriptName = Trim(Request.ServerVariables("SCRIPT_NAME"))
' X-Forwarded-For is client-supplied and only meaningful behind a trusted proxy;
' whichever address is chosen is passed through ReplaceBadChar before use.
UserTrueIP = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If UserTrueIP = "" Then UserTrueIP = Request.ServerVariables("REMOTE_ADDR")
UserTrueIP = ReplaceBadChar(UserTrueIP)
If EnableStopInjection Then
    If Request.QueryString <> "" Then StopInjection Request.QueryString
    If Request.Cookies <> "" Then StopInjection Request.Cookies
    ' Form data is screened on every page except the upload page.
    If LCase(Mid(ScriptName, InStrRev(ScriptName, "/") + 1)) <> "upfile.asp" Then StopInjection2 Request.Form
End If
FoundErr = False
ErrMsg = ""
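Sub StopInjection(Values)
    ' Screen every item of a request collection (QueryString / Cookies) against a
    ' SQL-keyword blacklist. On a hit the offending field is echoed back
    ' (HTML-encoded) and the response is ended; otherwise the Sub returns silently.
    ' Values : an ASP request collection (enumerable name -> value)
    ' Uses the page-level regEx object and leaves regEx.Pattern set to the blacklist.
    ' A blacklist is a stop-gap only — it also rejects any apostrophe in the
    ' input — and does not replace parameterised queries in the data layer.
    Dim FoundInjection
    FoundInjection = False
    ' Pattern kept as upstream wrote it: "\b" inside [...] is a backspace, not a
    ' word boundary, and "retun" is spelt as found.
    regEx.Pattern = "'|;|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b+]*)"
    Dim sItem, sValue
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            FoundInjection = True
            Response.Write "很抱歉,由于您提交的内容中含有危险的SQL注入代码,致使本次操作无效! "
            Response.Write "<br>字段名:" & Server.HTMLEncode(sItem)
            Response.Write "<br>字段值:" & Server.HTMLEncode(sValue)
            Response.Write "<br>关键字:"
            ' The matched fragments are HTML-encoded like the field name/value
            ' lines above, rather than routed through the FilterJS blacklist.
            Set Matches = regEx.Execute(sValue)
            For Each Match In Matches
                Response.Write Server.HTMLEncode(Match.value)
            Next
            Response.Write "<br><br>如果您是正常提交仍出现上面的提示,请联系站长修改Config.asp文件的第7行,暂时禁用掉防SQL注入功能,操作完成后再打开。"
        End If
    Next
    If FoundInjection Then Response.End
End Sub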
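Sub StopInjection2(Values)
    ' Screen every item of Request.Form against a SQL-keyword blacklist. On a hit
    ' the offending field is echoed back and the response is ended.
    ' Values : an ASP request collection (enumerable name -> value)
    ' Uses the page-level regEx object and leaves regEx.Pattern set to the blacklist.
    ' Field name, value and matched fragments are HTML-encoded on output; upstream
    ' wrote sItem and sValue raw, which reflected user-controlled markup into the
    ' error page. Blacklisting remains a stop-gap for parameterised queries.
    Dim FoundInjection
    FoundInjection = False
    regEx.Pattern = "[';#()][\s+()]*(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s+]*"
    Dim sItem, sValue
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            FoundInjection = True
            Response.Write "很抱歉,由于您提交的内容中含有危险的SQL注入代码,致使本次操作无效! "
            Response.Write "<br>字段名:" & Server.HTMLEncode(sItem)
            Response.Write "<br>字段值:" & Server.HTMLEncode(sValue)
            Response.Write "<br>关键字:"
            Set Matches = regEx.Execute(sValue)
            For Each Match In Matches
                Response.Write Server.HTMLEncode(Match.value)
            Next
            Response.Write "<br><br>如果您是正常提交仍出现上面的提示,请联系站长修改Config.asp文件的第7行,暂时禁用掉防SQL注入功能,操作完成后再打开。"
        End If
    Next
    If FoundInjection Then Response.End
End Sub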
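'**************************************************
' ReplaceBadChar
' Purpose : strip characters commonly abused in SQL/script injection from a string
' Param   : strChar - the string to clean; Null or "" returns ""
' Returns : the cleaned string
' Note    : a character blacklist cannot make string-built SQL safe on its own;
'           callers should still use parameterised queries.
'**************************************************
Function ReplaceBadChar(strChar)
    If IsNull(strChar) Or strChar = "" Then
        ReplaceBadChar = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, badChar, tempChar
    ' Comma-separated list; Chr(34) is the double quote, Chr(0) the NUL byte.
    strBadChar = "+,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0) & ",--"
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    For Each badChar In arrBadChar
        tempChar = Replace(tempChar, badChar, "")
    Next
    ' Collapse "@@" until none is left: a single pass turned "@@@@" into "@@".
    Do While InStr(tempChar, "@@") > 0
        tempChar = Replace(tempChar, "@@", "@")
    Loop
    ReplaceBadChar = tempChar
End Function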
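'**************************************************
' ReplaceLabelBadChar
' Purpose : clean a string used inside template labels — strips the character
'           blacklist and then removes SQL keywords repeatedly until stable
' Param   : strChar - the string to clean; Null or "" returns ""
' Returns : the cleaned string
' Note    : keyword matching is case-insensitive. Blacklisting is a stop-gap
'           for parameterised queries, not a substitute.
'**************************************************
Function ReplaceLabelBadChar(strChar)
    If IsNull(strChar) Or strChar = "" Then
        ReplaceLabelBadChar = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, badChar, tempChar
    ' Comma-separated list; Chr(34) is the double quote, Chr(0) the NUL byte.
    strBadChar = "+,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & "," & Chr(0)
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    For Each badChar In arrBadChar
        tempChar = Replace(tempChar, badChar, "")
    Next
    ' Collapse "@@" until none is left: a single pass turned "@@@@" into "@@".
    Do While InStr(tempChar, "@@") > 0
        tempChar = Replace(tempChar, "@@", "@")
    Loop
    ' A private RegExp keeps the page-level regEx.Pattern untouched. The upstream
    ' pattern carried a trailing "?" that made the whole group optional (an empty
    ' match at every position); dropping it yields the same result without the
    ' no-op matches.
    Dim reKeyword, oldString
    Set reKeyword = New RegExp
    reKeyword.IgnoreCase = True
    reKeyword.Global = True
    reKeyword.Pattern = "(select|union|update|insert|delete|exec|from|WD_admin|--)"
    ' Repeat until nothing changes so that nested spellings such as
    ' "selselectect" are fully removed.
    oldString = ""
    Do While oldString <> tempChar
        oldString = tempChar
        tempChar = reKeyword.Replace(tempChar, "")
    Loop
    ReplaceLabelBadChar = tempChar
End Function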
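'**************************************************
' ReplaceUrlBadChar
' Purpose : strip injection-prone characters from a URL while keeping the
'           characters a URL legitimately needs (?, &, %, /, :)
' Param   : strChar - the URL text to clean; Null or "" returns ""
' Returns : the cleaned string
'**************************************************
Function ReplaceUrlBadChar(strChar)
    If IsNull(strChar) Or strChar = "" Then
        ReplaceUrlBadChar = ""
        Exit Function
    End If
    Dim strBadChar, arrBadChar, badChar, tempChar
    ' Comma-separated list; Chr(34) is the double quote, Chr(0) the NUL byte.
    strBadChar = "+,',(,),<,>,[,],{,},\,;," & Chr(34) & "," & Chr(0) & ",--"
    arrBadChar = Split(strBadChar, ",")
    tempChar = strChar
    For Each badChar In arrBadChar
        tempChar = Replace(tempChar, badChar, "")
    Next
    ' Collapse "@@" until none is left: a single pass turned "@@@@" into "@@".
    Do While InStr(tempChar, "@@") > 0
        tempChar = Replace(tempChar, "@@", "@")
    Loop
    ReplaceUrlBadChar = tempChar
End Function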
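'=================================================
' ReplaceBadUrl
' Purpose : remove references to admin_*.asp and user_*.asp pages from a URL,
'           including percent-encoded spellings of each letter
' Param   : strContent - the URL text to clean; Null or "" returns ""
' Returns : strContent with every matching fragment removed
'=================================================
Function ReplaceBadUrl(ByVal strContent)
    If IsNull(strContent) Or strContent = "" Then
        ReplaceBadUrl = ""
        Exit Function
    End If
    Dim reUrl, hits, hit, urlPattern
    ' A private RegExp keeps the page-level regEx.Pattern untouched.
    Set reUrl = New RegExp
    reUrl.IgnoreCase = True
    reUrl.Global = True
    ' Two corrections against the upstream patterns: the encoded upper-case M was
    ' written "4D" instead of "%4D", and the dot before "asp" was an unescaped "."
    ' that matched any character.
    For Each urlPattern In Array( _
        "(a|%61|%41)(d|%64|%44)(m|%6D|%4D)(i|%69|%49)(n|%6E|%4E)(\_|%5F)(.*?)(\.|%2E)(a|%61|%41)(s|%73|%53)(p|%70|%50)", _
        "(u|%75|%55)(s|%73|%53)(e|%65|%45)(r|%72|%52)(\_|%5F)(.*?)(\.|%2E)(a|%61|%41)(s|%73|%53)(p|%70|%50)")
        reUrl.Pattern = urlPattern
        Set hits = reUrl.Execute(strContent)
        For Each hit In hits
            strContent = Replace(strContent, hit.Value, "")
        Next
    Next
    ReplaceBadUrl = strContent
End Function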
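'**************************************************
' CheckBadChar
' Purpose : report whether a string is free of blacklisted characters/keywords
' Param   : strChar - the string to check
' Returns : True  - no blacklisted content found
'           False - blacklisted content found, or the input is Null/empty
' Note    : the comparison is case-insensitive on both sides. Upstream
'           lower-cased only the input, so the mixed-case entry "WD_admin" could
'           never match, and the "" branch fell through to True.
'**************************************************
Function CheckBadChar(strChar)
    Dim strBadChar, arrBadChar, badChar, tempChar
    strBadChar = "@@,+,',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & ",--,union,select,insert,delete,from,WD_admin"
    arrBadChar = Split(strBadChar, ",")
    If IsNull(strChar) Or strChar = "" Then
        CheckBadChar = False
        Exit Function
    End If
    tempChar = LCase(strChar)
    For Each badChar In arrBadChar
        If InStr(tempChar, LCase(badChar)) > 0 Then
            CheckBadChar = False
            Exit Function
        End If
    Next
    CheckBadChar = True
End Function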
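Function CheckUserBadChar(strChar)
    ' Report whether a user name is free of blacklisted characters/keywords.
    ' strChar : the name to check
    ' Returns True when nothing blacklisted is found, False when something is
    ' found or the input is Null/empty. Comparison is case-insensitive on both
    ' sides; upstream lower-cased only the input, so the "WD_admin" entry never
    ' matched, and the "" branch fell through to True.
    Dim strBadChar, arrBadChar, badChar, tempChar
    ' Inside the literal, "" is a single double-quote entry.
    strBadChar = "',%,^,&,?,(,),<,>,[,],{,},/,\,;,:," & Chr(34) & ",*,|,"",.,#,union,select,insert,delete,from,WD_admin"
    arrBadChar = Split(strBadChar, ",")
    If IsNull(strChar) Or strChar = "" Then
        CheckUserBadChar = False
        Exit Function
    End If
    tempChar = LCase(strChar)
    For Each badChar In arrBadChar
        If InStr(tempChar, LCase(badChar)) > 0 Then
            CheckUserBadChar = False
            Exit Function
        End If
    Next
    CheckUserBadChar = True
End Function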
'=================================================
' FilterJS
' Purpose : strip script-bearing constructs from user-supplied HTML — event
'           handler attributes, javascript:/vbscript: URLs, CSS expression()
'           and behavior, script/object/iframe-style elements, SHTML includes
' Param   : strInput - the HTML fragment to filter
' Returns : the filtered fragment; "" for Null or blank input
' Uses the page-level regEx object and leaves its .Pattern set to the last
' pattern below. A regex blacklist over HTML is inherently incomplete; output
' encoding at the point of display is still required.
' NOTE(review): several replacement strings and comments in this copy look
' entity-decoded (e.g. the "$1&#$2" replacements are no-ops as written);
' compare with the upstream source before relying on those lines.
'=================================================
Function FilterJS(ByVal strInput)
If IsNull(strInput) Or Trim(strInput) = "" Then
FilterJS = ""
Exit Function
End If
' Declared but never used.
Dim reContent
' Remove whitespace between a character-entity name and its ";" so the entity
' is recognised as one token (the example in the upstream comment lost its "&").
regEx.Pattern = "(&#*\w+)[\x00-\x20]+;"
strInput = regEx.Replace(strInput, "$1;")
' Normalise numeric entities that lack a terminating ";" into the standard form.
regEx.Pattern = "(&#x*[0-9A-F]+);*"
strInput = regEx.Replace(strInput, "$1;")
' Disabled upstream: re-encode the "&" of the < > & " entities so they survive
' a later HtmlDecode (the replacement string in this copy appears decoded).
'RegEx.Pattern = "&(amp|lt|gt|nbsp|quot);"
'strInput = RegEx.Replace(strInput, "&$1;")
' Disabled upstream: decode HTML entities so encoding cannot hide later matches.
'strInput = HtmlDecode(strInput);
' Drop non-printable ASCII control characters, keeping 9, 10, 13 and 32
' (tab, LF, CR, space).
regEx.Pattern = "[\x00-\x08\x0b-\x0c\x0e-\x19]"
strInput = regEx.Replace(strInput, "")
' oldhtmlString is declared by the Dim before the second loop; VBScript hoists
' procedure-level Dim, but moving the declaration up would read better.
oldhtmlString = ""
Do While oldhtmlString <> strInput
oldhtmlString = strInput
regEx.Pattern = "(<[^>]+src[\x00-\x20]*=[\x00-\x20]*[^>]*?)&#([^>]*>)" ' neutralise "&#" inside src attributes (replacement is a no-op as written here)
strInput = regEx.Replace(strInput, "$1&#$2")
regEx.Pattern = "(<[^>]+style[\x00-\x20]*=[\x00-\x20]*[^>]*?)&#([^>]*>)" ' neutralise "&#" inside style attributes (replacement is a no-op as written here)
strInput = regEx.Replace(strInput, "$1&#$2")
regEx.Pattern = "(<[^>]+style[\x00-\x20]*=[\x00-\x20]*[^>]*?)\\([^>]*>)" ' replace "\" inside style attributes with "/"
strInput = regEx.Replace(strInput, "$1/$2")
Loop
' Rewrite attributes starting with "on" or "xmlns". The two handlers the
' PowerEasy (动易) system needs are first renamed off…, so the generic rewrite
' leaves them alone, and restored afterwards.
regEx.Pattern = "on(load\s*=\s*""*'*resizepic\(this\)'*""*)"
strInput = regEx.Replace(strInput, "off$1")
regEx.Pattern = "on(mousewheel\s*=\s*""*'*return\s*bbimg\(this\)'*""*)"
strInput = regEx.Replace(strInput, "off$1")
regEx.Pattern = "(<[^>]+[\x00-\x20""'/])(on|xmlns)([^>]*)>"
strInput = regEx.Replace(strInput, "$1pe$3>")
regEx.Pattern = "off(load\s*=\s*""*'*resizepic\(this\)'*""*)"
strInput = regEx.Replace(strInput, "on$1")
regEx.Pattern = "off(mousewheel\s*=\s*""*'*return\s*bbimg\(this\)'*""*)"
strInput = regEx.Replace(strInput, "on$1")
' Neutralise javascript: URLs, allowing control characters between letters.
regEx.Pattern = "([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`'""]*)[\x00-\x20]*j[\x00-\x20]*a[\x00-\x20]*v[\x00-\x20]*a[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:"
strInput = regEx.Replace(strInput, "$1=$2nojavascript...")
' Neutralise vbscript: URLs in the same way.
regEx.Pattern = "([a-z]*)[\x00-\x20]*=[\x00-\x20]*([`'""]*)[\x00-\x20]*v[\x00-\x20]*b[\x00-\x20]*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:"
strInput = regEx.Replace(strInput, "$1=$2novbscript...")
' Strip CSS comments inside style attributes, which can split a keyword
' (e.g. expres/*comment*/sion).
regEx.Pattern = "(<[^>]+style[\x00-\x20]*=[\x00-\x20]*[^>]*?)/\*[^>]*\*/([^>]*>)"
strInput = regEx.Replace(strInput, "$1$2")
' Drop style attributes containing expression(. The doubled letters in each
' class look like full-width variants lost in extraction — confirm upstream.
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*[eeE][xxX][ppP][rrR][eeE][ssS][ssS][iiI][ooO][nnN][\x00-\x20]*[\(\(][^>]*>"
strInput = regEx.Replace(strInput, "$1>")
' Drop style attributes containing behaviour (the trailing ">>" requires two
' closing brackets, so this rarely matches — confirm upstream).
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*behaviour[^>]*>>"
strInput = regEx.Replace(strInput, "$1>")
' Same for the US spelling behavior (same ">>" caveat).
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*behavior[^>]*>>"
strInput = regEx.Replace(strInput, "$1>")
' Drop style attributes containing script:.
regEx.Pattern = "(<[^>]+)style[\x00-\x20]*=[\x00-\x20]*([`'""]*).*s[\x00-\x20]*c[\x00-\x20]*r[\x00-\x20]*i[\x00-\x20]*p[\x00-\x20]*t[\x00-\x20]*:*[^>]*>"
strInput = regEx.Replace(strInput, "$1>")
' Remove namespaced elements (<ns:tag ...>), which are not needed here.
regEx.Pattern = "</*\w+:\w[^>]*>"
strInput = regEx.Replace(strInput, " ")
Dim oldhtmlString
oldhtmlString = ""
Do While oldhtmlString <> strInput
oldhtmlString = strInput
' Strict filtering: remove the listed elements outright. Looped until stable so
' that tags reassembled by a previous removal are caught.
regEx.Pattern = "</*(applet|meta|xml|blink|link|style|script|embed|object|iframe|frame|frameset|ilayer|layer|bgsound|title|base)[^>]*>?"
strInput = regEx.Replace(strInput, " ")
' Disarm SHTML include directives.
regEx.Pattern = "<!--\s*#include[^>]*>"
strInput = regEx.Replace(strInput, "noshtml")
'If FilterLevel > 0 Then
' '实行严格过滤
' RegEx.Pattern = "</*(embed|object)[^>]*>"
' strInput = RegEx.Replace(strInput, "")
'End If
Loop
FilterJS = strInput
End Function
Private Function RemoveStr(str1, str2, strSplit)
    ' Drop every element equal to str2 from the strSplit-delimited list str1.
    ' Null/empty str1 yields ""; Null/empty str2 returns str1 unchanged.
    ' Leading empty elements are not preserved: the first kept element becomes
    ' the new head of the list.
    Dim part, kept
    If IsNull(str1) Or str1 = "" Then
        RemoveStr = ""
        Exit Function
    End If
    If IsNull(str2) Or str2 = "" Then
        RemoveStr = str1
        Exit Function
    End If
    If InStr(str1, strSplit) > 0 Then
        For Each part In Split(str1, strSplit)
            If part <> str2 Then
                If Len(kept) = 0 Then
                    kept = part
                Else
                    kept = kept & strSplit & part
                End If
            End If
        Next
        RemoveStr = kept
    ElseIf str1 = str2 Then
        RemoveStr = ""
    Else
        RemoveStr = str1
    End If
End Function
Private Function AppendStr(str1, str2, strSplit)
    ' Append str2 to the strSplit-delimited list str1 unless an element equal to
    ' str2 is already present. Null/empty str2 returns str1; Null/empty str1
    ' returns str2.
    Dim already, item
    If IsNull(str2) Or str2 = "" Then
        AppendStr = str1
        Exit Function
    End If
    If IsNull(str1) Or str1 = "" Then
        AppendStr = str2
        Exit Function
    End If
    already = False
    If InStr(str1, strSplit) > 0 Then
        For Each item In Split(str1, strSplit)
            If item = str2 Then
                already = True
                Exit For
            End If
        Next
    ElseIf str1 = str2 Then
        already = True
    End If
    If already Then
        AppendStr = str1
    Else
        AppendStr = str1 & strSplit & str2
    End If
End Function
Private Function StyleDisplay(Compare1, Compare2)
    ' CSS display value for an element shown only when the two values match:
    ' "" (visible) when equal, "none" otherwise.
    StyleDisplay = "none"
    If Compare1 = Compare2 Then StyleDisplay = ""
End Function
Private Function IsRadioChecked(Compare1, Compare2)
    ' Attribute fragment for a radio input: " checked" when the two values are
    ' equal, "" otherwise.
    IsRadioChecked = ""
    If Compare1 = Compare2 Then IsRadioChecked = " checked"
End Function
Private Function IsOptionSelected(Compare1, Compare2)
    ' Attribute fragment for an <option>: " selected" when the two values are
    ' equal, "" otherwise.
    IsOptionSelected = ""
    If Compare1 = Compare2 Then IsOptionSelected = " selected"
End Function
' FixJs — as far as the visible code shows, escapes a string for use inside a
' JavaScript string literal: backslash, both quote characters and CR/LF.
' NOTE(review): this copy appears to have been entity-decoded during extraction.
' The two Replace(str, "'", "'") lines are no-ops as written, and the final
' Replace has an unterminated string literal that will not compile. Compare
' with the upstream source before using this function.
' NOTE(review): CR is mapped to "\n" and LF to "\r", the reverse of the usual
' JavaScript escapes.
Private Function FixJs(str)
If str <> "" Then
' No-op as written — presumably an entity on one side was decoded away.
str = Replace(str, "'", "'")
' Backslash is escaped before the quotes so the added "\" is not re-escaped.
str = Replace(str, "\", "\\")
str = Replace(str, Chr(34), "\""")
str = Replace(str, Chr(39), "\'")
str = Replace(str, Chr(13), "\n")
str = Replace(str, Chr(10), "\r")
' No-op as written — see note above.
str = Replace(str, "'", "'")
' Unterminated literal: the replacement text (likely an entity) was decoded away.
str = Replace(str, """", """)
End If
FixJs = str
End Function
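Private Function Html2Js(str)
    ' Escape a string for embedding inside a double- or single-quoted JavaScript
    ' string literal. Empty input is returned unchanged.
    ' Backslash is escaped first so that the backslashes added by later steps are
    ' not re-escaped (upstream did not escape it at all, so a trailing "\" could
    ' cancel the quote escape). CR maps to \r and LF to \n (upstream had them
    ' swapped), and "</" is broken up so the output cannot close an enclosing
    ' <script> element.
    If str <> "" Then
        str = Replace(str, "\", "\\")
        str = Replace(str, Chr(34), "\""")
        str = Replace(str, Chr(39), "\'")
        str = Replace(str, Chr(13), "\r")
        str = Replace(str, Chr(10), "\n")
        str = Replace(str, "</", "<\/")
    End If
    Html2Js = str
End Function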
%>