|
|
Function Checkstr(Str)
If Isnull(Str) Then
CheckStr = \"\"
Exit Function
End If
Str = Replace(Str,Chr(0),\"\", 1, -1, 1)
Str = Replace(Str, \"\"\"\", \"\"\", 1, -1, 1)
Str = Replace(Str,\"<\",\"<\", 1, -1, 1)
Str = Replace(Str,\">\",\">\", 1, -1, 1)
Str = Replace(Str, \"script\", \"script\", 1, -1, 0)
Str = Replace(Str, \"SCRIPT\", \"SCRIPT\", 1, -1, 0)
Str = Replace(Str, \"Script\", \"Script\", 1, -1, 0)
Str = Replace(Str, \"script\", \"Script\", 1, -1, 1)
Str = Replace(Str, \"object\", \"object\", 1, -1, 0)
Str = Replace(Str, \"OBJECT\", \"OBJECT\", 1, -1, 0)
Str = Replace(Str, \"Object\", \"Object\", 1, -1, 0)
Str = Replace(Str, \"object\", \"Object\", 1, -1, 1)
Str = Replace(Str, \"applet\", \"applet\", 1, -1, 0)
Str = Replace(Str, \"APPLET\", \"APPLET\", 1, -1, 0)
Str = Replace(Str, \"Applet\", \"Applet\", 1, -1, 0)
Str = Replace(Str, \"applet\", \"Applet\", 1, -1, 1)
Str = Replace(Str, \"[\", \"[\")
Str = Replace(Str, \"]\", \"]\")
Str = Replace(Str, \"\"\"\", \"\", 1, -1, 1)
Str = Replace(Str, \"=\", \"=\", 1, -1, 1)
Str = Replace(Str, \"’\", \"’’\", 1, -1, 1)
Str = Replace(Str, \"select\", \"select\", 1, -1, 1)
Str = Replace(Str, \"execute\", \"execute\", 1, -1, 1)
Str = Replace(Str, \"exec\", \"exec\", 1, -1, 1)
Str = Replace(Str, \"join\", \"join\", 1, -1, 1)
Str = Replace(Str, \"union\", \"union\", 1, -1, 1)
Str = Replace(Str, \"where\", \"where\", 1, -1, 1)
Str = Replace(Str, \"insert\", \"insert\", 1, -1, 1)
Str = Replace(Str, \"delete\", \"delete\", 1, -1, 1)
Str = Replace(Str, \"update\", \"update\", 1, -1, 1)
Str = Replace(Str, \"like\", \"like\", 1, -1, 1)
Str = Replace(Str, \"drop\", \"drop\", 1, -1, 1)
Str = Replace(Str, \"create\", \"create\", 1, -1, 1)
Str = Replace(Str, \"rename\", \"rename\", 1, -1, 1)
Str = Replace(Str, \"count\", \"count\", 1, -1, 1)
Str = Replace(Str, \"chr\", \"chr\", 1, -1, 1)
Str = Replace(Str, \"mid\", \"mid\", 1, -1, 1)
Str = Replace(Str, \"truncate\", \"truncate\", 1, -1, 1)
Str = Replace(Str, \"nchar\", \"nchar\", 1, -1, 1)
Str = Replace(Str, \"char\", \"char\", 1, -1, 1)
Str = Replace(Str, \"alter\", \"alter\", 1, -1, 1)
Str = Replace(Str, \"cast\", \"cast\", 1, -1, 1)
Str = Replace(Str, \"exists\", \"exists\", 1, -1, 1)
Str = Replace(Str,Chr(13),\"
\", 1, -1, 1)
CheckStr = Replace(Str,\"’\",\"’’\", 1, -1, 1)
End Function
Rem ## 长整数转换
Function toNum(s, default)
If IsNumeric(s) and s <> \"\" then
toNum = CLng(s)
Else
toNum = default
End If
End Function
Rem ## SQL 语句转换
Function toSql(str)
If IsNull(str) Then str = \"\"
toSql = replace(str, \"'\", \"''\")
End Function
示例:
Dim sql
Dim strWhere, strName, intAge
strName = toSql(request(\"user\"))
intAge = toNum(request(\"age\"), 20)
sql = \"SELECT * FROM [USER]\" & _
\"WHERE [AGE] > \" & strName & _
\" AND [USERNAME] = '\" & intAge & \"'\"
一般情况下, 通过上面两个函数的过虑, 可以杜绝网上的SQL注入攻击!如果你觉得有需要, 可以加上对chr(0)的替换, 将toSql函数改为如下:
Function toSql(str)
If IsNull(str) Then str = \"\"
str = replace(str, chr(0), \"\")
toSql = replace(str, \"'\", \"''\")
End Function
另注:
***********************************************************************
检测外部提交的函数
Function CheckUrlRefer()
Dim strLocalUrl, intUrlLen, strUrlRefer
strLocalUrl = \"http://127.0.0.1\"
intUrlLen = Len(strLocalUrl)
strUrlRefer = LCase(request.ServerVariables(\"HTTP_REFERER\") & \"\")
'检测前一个页面是否来自 strLocalUrl
If Left(strUrlRefer, intUrlLen) = strLocalUrl Then
CheckUrlRefer = True
Else
CheckUrlRefer = False
End If
End Function
***********************************************************************
该函数可以帮助你抵挡外部的SQL注入测试, 只需要在页面的头部调用即可.
通过简单的两个小函数, 让你的ASP程序更安全!
欢迎高手指正(请将绕过这两个函数的方法写出来)!
相关讨论页面:
http://www.lang2008.cn/blog/read.php?24
http://www.lang2008.cn/blog/read.php?24
http://www.lang2008.cn/blog/read.php?24
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
dim qs,errc,iii
qs=request.servervariables(\"query_string\")
dim nothis(18)
nothis(0)=\"net user\"
nothis(1)=\"xp_cmdshell\"
nothis(2)=\"/add\"
nothis(3)=\"exec%20master.dbo.xp_cmdshell\"
nothis(4)=\"net localgroup administrators\"
nothis(5)=\"select\"
nothis(6)=\"count\"
nothis(7)=\"asc\"
nothis(8)=\"char\"
nothis(9)=\"mid\"
nothis(10)=\"'\"
nothis(11)=\":\"
nothis(12)=\"\"\"\"
nothis(13)=\"insert\"
nothis(14)=\"delete\"
nothis(15)=\"drop\"
nothis(16)=\"truncate\"
nothis(17)=\"from\"
nothis(18)=\"%\"
errc=false
for iii= 0 to ubound(nothis)
if instr(qs,nothis(iii))<>0 then
errc=true
end if
next
if errc then
Response.Write(\"对不起,非法URL地址请求!\")
response.end
end if
***************************************************************
当然这方法做得太“绝”了,但是我也是没有办法啊。这个方法是在网上看到的,运行于一个网站上,现在一切良好。为了安全我只能这样。我想只要有关SQL的敏感单词都进行过滤掉应该没有什么吧,当然像楼主的做到那一步是基本上可以了,可以修补一下用用。记得我最初用的是《SQL注入天书》上面提供的防范方法,后来才改用这个。
将我以前用的代码也帖出来供参考,大家有兴趣可以去百度或GOOGLE中搜索一下《SQL注入天书》了解
使用这个函数,对客户端提交来的数据进行验证。。。
<%
Function SafeRequest(ParaName,ParaType)
'--- 传入参数 ---
'ParaName:参数名称-字符型
'ParaType:参数类型-数字型(1表示以上参数是数字,0表示以上参数为字符)
Dim ParaValue
ParaValue=Request(ParaName)
If ParaType=1 then
If not isNumeric(ParaValue) then
Response.write \"参数\" & ParaName & \"必须为数字型!\"
Response.end
End if
Else
ParaValue=replace(ParaValue,\"'\",\"''\")
End if
SafeRequest=ParaValue
End function |
|
发表于 2008-6-14 20:00:34