28,391
社区成员
发帖
与我相关
我的任务
分享
...全文
请发表友善的回复…
发表回复
yaoshanghuan 2009-06-19
- 打赏
- 举报
知识单纯从网上下个放注入不管用的,最好自己写一个request方法过滤一下敏感的字符,用它替代自带的request方法,然后结合防注入文件,这样效果比较明显,因为据说网上流传的防注入文件能被高手破解掉,,,持续关注中,现在的SQL注入太讨厌了。。
落日听风 2009-06-19
- 打赏
- 举报
sql 防注入就行,还要把所有的木马代码和文件爱你都清除
shenzhenNBA 2009-06-19
- 打赏
- 举报
主要是从代码防止,如下是防SQL注入ASP代码如下:
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("URL")
If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & Trim(Request.QueryString)
strTemp = LCase(strTemp)
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators") or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
Response.Write "<script language='javascript'>"
Response.Write "alert('非法URL或地址!!');"
Response.Write "location.href='error.asp';"
Response.Write "<script>"
Response.end()
End If
%>
<%
On Error Resume Next
Dim strTemp
If LCase(Request.ServerVariables("HTTPS")) = "off" Then
strTemp = "http://"
Else
strTemp = "https://"
End If
strTemp = strTemp & Request.ServerVariables("SERVER_NAME")
If Request.ServerVariables("SERVER_PORT") <> 80 Then strTemp = strTemp & ":" & Request.ServerVariables("SERVER_PORT")
strTemp = strTemp & Request.ServerVariables("URL")
If Trim(Request.QueryString) <> "" Then strTemp = strTemp & "?" & Trim(Request.QueryString)
strTemp = LCase(strTemp)
If Instr(strTemp,"select%20") or Instr(strTemp,"insert%20") or Instr(strTemp,"delete%20from") or Instr(strTemp,"count(") or Instr(strTemp,"drop%20table") or Instr(strTemp,"update%20") or Instr(strTemp,"truncate%20") or Instr(strTemp,"asc(") or Instr(strTemp,"mid(") or Instr(strTemp,"char(") or Instr(strTemp,"xp_cmdshell") or Instr(strTemp,"exec%20master") or Instr(strTemp,"net%20localgroup%20administrators") or Instr(strTemp,":") or Instr(strTemp,"net%20user") or Instr(strTemp,"'") or Instr(strTemp,"%20or%20") then
Response.Write "<script language='javascript'>"
Response.Write "alert('非法URL或地址!!');"
Response.Write "location.href='error.asp';"
Response.Write "<script>"
Response.end()
End If
%>
调皮的蟠桃 2009-06-19
- 打赏
- 举报
我急切想知道这个问题的答案,帮顶!
langzi_net 2009-06-19
- 打赏
- 举报
顶,我也想知道
