UC知道网页防注入
来源:百度知道 编辑:UC知道 时间:2024/09/28 15:33:01
今天我的网站已连续两次被人注入病毒代码.
请问这样在在 body 里 加入下面的代码有没有用?
<% Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
'Str = Replace(Str, """", """, 1, -1, 1)
Str = Replace(Str,"<;","<;", 1, -1, 1)
Str = Replace(Str,">;",">;", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "objec
请问这样在在 body 里 加入下面的代码有没有用?
<% Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = ""
Exit Function
End If
Str = Replace(Str,Chr(0),"", 1, -1, 1)
'Str = Replace(Str, """", """, 1, -1, 1)
Str = Replace(Str,"<;","<;", 1, -1, 1)
Str = Replace(Str,">;",">;", 1, -1, 1)
Str = Replace(Str, "script", "script", 1, -1, 0)
Str = Replace(Str, "SCRIPT", "SCRIPT", 1, -1, 0)
Str = Replace(Str, "Script", "Script", 1, -1, 0)
Str = Replace(Str, "script", "Script", 1, -1, 1)
Str = Replace(Str, "objec
'===============================================================================
'SQL注入过滤
'2008-10-25
'===============================================================================
Dim QueryData,FormData,QueryName,Name
QueryData="'|''|;|,|*|%|and|exec|insert|select|update|delete|count|master|truncate|char|declare|where|set|declare|mid|chr|set|chr(37)|net"
FormData=""
'对 get query 值 的过滤.
if request.QueryString<>"" then
adoData=split(QueryData,"|")
FOR EACH QueryName IN Request.QueryString
for i=0 to ubound(adoData)
If Instr(LCase(request.QueryString(QueryName)),adoData(i))<>0 Then
Response.Write "<Script Language=javascript>alert('请不要提交非法请求!');history.back(-1)</Script>"
Response.end
End If
NEXT
NEXT
End if
'对 post 表 单值的过滤.
if reque