Anti-injection function

  • 2020-04-08 18:18
  • Database knowledge

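Dim regEx, Match, Match2, Matches, Matches2
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.MultiLine = True

' Check the query string and the cookies of every request
If Request.QueryString <> "" Then Call StopInjection(Request.QueryString)
If Request.Cookies <> "" Then Call StopInjection(Request.Cookies)

Sub StopInjection(Values)
    Dim FoundInjection
    ' Matches a quote, semicolon or hash, or an SQL keyword preceded by whitespace, "+", "(" or ")"
    regEx.Pattern = "'|;|#|([\s\b+()]+(select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|return|as|go|exists)[\s\b+]*)"
    Dim sItem, sValue
    For Each sItem In Values
        sValue = Values(sItem)
        If regEx.Test(sValue) Then
            FoundInjection = True
            ' "Sorry, your submission contains dangerous SQL injection code, so this operation was not carried out!"
            Response.Write "很抱歉,由于您提交的内容中含有危险的SQL注入代码,致使本次操作无效!"
            ' "Field name:" and "Field value:"; the echoed request data is HTML-encoded before output
            Response.Write "<br>字段名:" & Server.HTMLEncode(sItem)
            Response.Write "<br>字段值:" & Server.HTMLEncode(sValue)
            ' "Keyword:" followed by every fragment the pattern matched
            Response.Write "<br>关键字:"
            Set Matches = regEx.Execute(sValue)
            For Each Match In Matches
                ' FilterJS is not defined on this page; it is assumed to be a helper defined elsewhere in the site
                Response.Write FilterJS(Match.value)
            Next
            ' "If this was a normal submission and you still see the message above, ask the site
            ' administrator to edit line 7 of Config.asp to disable the anti-SQL-injection
            ' feature temporarily, and re-enable it once the operation is complete."
            Response.Write "<br><br>如果您是正常提交仍出现上面的提示,请联系站长修改Config.asp文件的第7行,暂时禁用掉防SQL注入功能,操作完成后再打开。"
        End If
    Next
    ' Stop processing the page if any value matched
    If FoundInjection = True Then
        Response.End
    End If
End Sub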
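
The filter above decides by keyword, so it depends on every request value passing through it and it also rejects ordinary values that contain an apostrophe or a word such as "and". As an added example (not code from the original page), the query below binds the request value as an ADO parameter instead, so the value is only ever treated as data. The table "users", its columns, the request key "name" and the 50-character limit are assumptions; conn is assumed to be an already-open ADODB.Connection.

```vbscript
' Added example, not from the original page. Table, column and key names are hypothetical.
Const adCmdText = 1        ' ADO CommandTypeEnum
Const adParamInput = 1     ' ADO ParameterDirectionEnum
Const adVarWChar = 202     ' ADO DataTypeEnum
Const MAX_NAME_LEN = 50    ' assumed width of users.name

' Returns a Recordset, or Nothing when the value cannot be a valid name.
Function FindUserByName(conn, userName)
    Set FindUserByName = Nothing
    ' Reject empty or over-long input before it reaches the database
    If Len(userName) = 0 Or Len(userName) > MAX_NAME_LEN Then Exit Function

    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The statement text is constant; the request value is never concatenated into it
    cmd.CommandText = "SELECT id, name FROM users WHERE name = ?"
    cmd.Parameters.Append cmd.CreateParameter("name", adVarWChar, adParamInput, MAX_NAME_LEN, userName)
    Set FindUserByName = cmd.Execute
End Function

Sub ShowUser(conn)
    Dim rs
    ' CStr turns the request item into a plain string before it is bound
    Set rs = FindUserByName(conn, CStr(Request.QueryString("name")))
    If rs Is Nothing Then
        Response.Write "Invalid name."
        Exit Sub
    End If
    If rs.EOF Then
        Response.Write "No such user."
    Else
        ' Encode on output so stored data cannot inject markup
        Response.Write Server.HTMLEncode(rs.Fields("name").Value)
    End If
    rs.Close
End Sub
```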