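An Anti-Injection Solution for ASP
Special page handling
Some pages pass their data as a stream (for example, forms that contain a file upload).
Simply enumerating the Form object on such pages causes an error,
so these pages have to be filtered out.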
垃圾豬
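Place this page at the top of every page with the include method so that all pages can call it.
If any pages use stream uploads, add those pages to the table page.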
Dim N_no
N_userip = Request
N_thispage = LCase(Request
N_no =
N_noarray = split(LCase(N_no)
Call DBopen()
Call N_check_Qs()
Call N_checkPage()
Call DBCLose()
Check whether the current page is a special page; if so, call N_check_form()
sub N_checkPage()
set N_rs = server
N_rs
if (N_rs
Call N_check_form()
end if
N_rs
set N_rs = nothing
end sub
Check a given string
sub N_sql(agsql)
Nothing is recorded in the database here
N_check
end sub
Check Request
sub N_check_form()
If Request
For Each req_F In Request
N_check req_F
Next
end if
end sub
Check Request
sub N_check_Qs()
If Request
For Each req_Qs In Request
N_check req_Qs
Next
end if
end sub
Check
sub N_check(ag
For N_i=
If Instr(LCase(agsql)
call N_regsql(ag
Response
end if
Next
end sub
Record and stop output
ag: name
agsql: content
sqltype: type
sub N_regsql(ag
if(sqltype
Conn
end if
Response
Response
Response
Response
Response
Response
Response
Response
Response
end sub
Sub DBopen()
N_dbstr=
Set Conn=Server
Conn
end SUB
Sub DBCLose()
Conn
Set Conn = Nothing
End sub
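The special-page handling described at the top of this page, as an added example that is not the original listing (whose lines are cut off here): it checks query-string and form values against a keyword list, but leaves Request.Form untouched when the body is a multipart upload. The Ex_ names, the keyword list and the content-type test are assumptions; the original decides which pages are special by looking them up in the table page and also logs hits to a database, which this example does not do.

```vbscript
' Added example. Goes inside <% %> in a file included at the top of every page.
' Constructed keyword list (assumption: the page's own list in N_no is cut off).
Const EX_KEYWORDS = "'|;|--|exec |union |select |insert |delete |update |drop "
Dim Ex_words
Ex_words = Split(EX_KEYWORDS, "|")

' True when the body is a multipart (file upload) post. Touching Request.Form
' on such a request makes a later Request.BinaryRead in the upload code fail.
Function Ex_IsStreamPost()
    Dim ct
    ct = LCase(Request.ServerVariables("CONTENT_TYPE"))
    Ex_IsStreamPost = (InStr(ct, "multipart/form-data") > 0)
End Function

' Returns the first keyword found in value, or "" when none matches.
Function Ex_FindKeyword(value)
    Dim i
    Ex_FindKeyword = ""
    For i = 0 To UBound(Ex_words)
        If InStr(1, value, Ex_words(i), vbTextCompare) > 0 Then
            Ex_FindKeyword = Ex_words(i)
            Exit Function
        End If
    Next
End Function

' Checks every value of one request collection and stops output on a hit.
Sub Ex_CheckCollection(col, sourceName)
    Dim key
    For Each key In col
        If Ex_FindKeyword(CStr(col(key))) <> "" Then
            Response.Status = "400 Bad Request"
            Response.Write "Rejected " & sourceName & " parameter: " & Server.HTMLEncode(key)
            Response.End
        End If
    Next
End Sub

' The query string is always safe to enumerate; the form only when not streamed.
Ex_CheckCollection Request.QueryString, "QueryString"
If Not Ex_IsStreamPost() Then
    Ex_CheckCollection Request.Form, "Form"
End If
```

Keyword matching of this kind is a coarse filter, so queries built from request values should still be issued through parameterized ADODB.Command objects.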
From:http://tw.wingwit.com/Article/program/net/201311/11888.html