揭秘asp常用函數(shù)庫大全(4)_ASP教程

教程Tag：暫無Tag,歡迎添加,賺取U幣!

推薦：詳解將ASP頁面改為偽靜態(tài)的簡單方法
目前很多網(wǎng)站都采用生成靜態(tài)頁的方法，原因是這樣訪問速度會得到提高(服務(wù)器端CPU利用率很低)，另外也容易被搜索引擎收錄，但是這帶來的一個問題就是需要足夠大的空間存放這些靜態(tài)頁面，如果你的空間不是很富裕，而又想有利于被搜索引擎收錄，其實可以采用偽

’----------------------------------數(shù)據(jù)過濾 ↓---------------------------------------
Function CheckSql() ’防止SQL注入
    Dim sql_injdata
    SQL_injdata = "’|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
    SQL_inj = split(SQL_Injdata,"|")
    If Request.QueryString<>"" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.QueryString(SQL_Get),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language=’javascript’>{alert(’請不要在參數(shù)中包含非法字符！’);history.back(-1)}</Script>"
                    Response.end
                end if
            next
        Next
    End If
    If Request.Form<>"" Then
        For Each Sql_Post In Request.Form
            For SQL_Data=0 To Ubound(SQL_inj)
                if instr(Request.Form(Sql_Post),Sql_Inj(Sql_DATA))>0 Then
                    Response.Write "<Script Language=’javascript’>{alert(’請不要在參數(shù)中包含非法字符！’);history.back(-1)}    </Script>"
                    Response.end
                end if
            next
        next
    end if
End Function

Function CheckStr(byVal ChkStr) ’檢查無效字符
    Dim Str:Str=ChkStr
    Str=Trim(Str)
    If IsNull(Str) Then
        CheckStr = ""
        Exit Function
    End If
    Dim re
    Set re=new RegExp
    re.IgnoreCase =True
    re.Global=True
    re.Pattern="(\r\n){3,}"
    Str=re.Replace(Str,"$1$1$1")
    Set re=Nothing
    Str = Replace(Str,"’","’’")
    Str = Replace(Str, "select", "select")
    Str = Replace(Str, "join", "join")
    Str = Replace(Str, "union", "union")
    Str = Replace(Str, "where", "where")
    Str = Replace(Str, "insert", "insert")
    Str = Replace(Str, "delete", "delete")
    Str = Replace(Str, "update", "update")
    Str = Replace(Str, "like", "like")
    Str = Replace(Str, "drop", "drop")
    Str = Replace(Str, "create", "create")
    Str = Replace(Str, "modify", "modify")
    Str = Replace(Str, "rename", "rename")
    Str = Replace(Str, "alter", "alter")
    Str = Replace(Str, "cast", "cast")
    CheckStr=Str
End Function

Function UnCheckStr(Str) ’檢查非法sql命令
        Str = Replace(Str, "select", "select")
        Str = Replace(Str, "join", "join")
        Str = Replace(Str, "union", "union")
        Str = Replace(Str, "where", "where")
        Str = Replace(Str, "insert", "insert")
        Str = Replace(Str, "delete", "delete")
        Str = Replace(Str, "update", "update")
        Str = Replace(Str, "like", "like")
        Str = Replace(Str, "drop", "drop")
        Str = Replace(Str, "create", "create")
        Str = Replace(Str, "modify", "modify")
        Str = Replace(Str, "rename", "rename")
        Str = Replace(Str, "alter", "alter")
        Str = Replace(Str, "cast", "cast")
        UnCheckStr=Str
End Function

分享：解析有關(guān)eWebEditor網(wǎng)頁編輯器的漏洞
首先介紹編輯器的一些默認特征：默認登陸admin_login.asp 默認數(shù)據(jù)庫db/ewebeditor.mdb 默認帳號admin密碼admin或admin888 在baidu/google搜索inurl:ewebeditor 幾萬的站起碼有幾千個是具有默認特征的，那么試一下默認后臺 http://www.xxx.com.cn/admin/eweb