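<%
' Query-string keyword filter, shared constants, and a timestamp helper.
'
' When the request carries a query string, every parameter value is
' lower-cased and searched for each token in the blacklist below. On the
' first match the script shows a rejection notice, writes a record of the
' request to a text file under the "fhack" folder, and ends the response.
'
' NOTE(review): a keyword blacklist is not a dependable SQL-injection
' defence. Only Request.QueryString is inspected here (not Request.Form or
' Request.Cookies), and plain substring matching also rejects harmless
' words that merely contain a token (for example "brand" contains "and").
' Queries built from request data should use parameterized commands
' regardless of this filter.
Dim zrchar, zrchars, zrxh, zritem
Dim zrfso, zrtree, zrfile1, zrfile2, zrfile3
Dim zrfs

If Request.QueryString <> "" Then
    ' Tokens to reject, separated by "|".
    zrchar = "'|;|%|*|and|exec|insert|select|delete|update|count|chr|mid|master|truncate|char|declare"
    zrchars = Split(zrchar, "|")

    For Each zritem In Request.QueryString
        For zrxh = 0 To UBound(zrchars)
            If InStr(LCase(Request.QueryString(zritem)), zrchars(zrxh)) <> 0 Then
                Response.Write "内容含有非法字符!请不要有'或and或or等字符,请去掉这些字符再发!!<br>"
                Response.Write "如是要攻击网站,系统记录了你的操作↓<br>"
                Response.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                Response.Write "操作时间:" & Now & "<br>"
                ' Request-derived text is HTML-encoded before it is echoed:
                ' the blacklist does not contain "<" or ">", so writing the
                ' raw parameter name or value would place caller-supplied
                ' markup in the page.
                Response.Write "操作页面:" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                Response.Write "提交方式:GET<br>"
                Response.Write "提交参数:" & Server.HTMLEncode(zritem) & "<br>"
                Response.Write "提交数据:" & Server.HTMLEncode(Request.QueryString(zritem))

                ' Record the rejected request in a text file.
                ' NOTE(review): Server.MapPath("fhack") is a relative mapping,
                ' so the folder is created inside the site tree and its .txt
                ' files may be served to any visitor. Prefer a location
                ' outside the web root, or deny HTTP access to this folder.
                Set zrfso = Server.CreateObject("Scripting.FileSystemObject")
                zrtree = Server.MapPath("fhack") & "\"
                If Not zrfso.FolderExists(zrtree) Then
                    zrfso.CreateFolder(zrtree)
                End If

                ' One file per second-resolution timestamp; a second hit in
                ' the same second overwrites the first.
                zrfile1 = chan_file(Now)
                zrfile2 = zrfile1 & ".txt"
                ' zrtree already ends with "\", so no extra separator is added.
                zrfile3 = zrtree & zrfile2

                ' CreateTextFile(filename, overwrite, unicode). The original
                ' passed 2 as the overwrite flag, which evaluates as True.
                Set zrfs = zrfso.CreateTextFile(zrfile3, True, True)
                zrfs.Write "操作IP:" & Request.ServerVariables("REMOTE_ADDR") & vbCrLf
                zrfs.Write "操作时间:" & Now & vbCrLf
                zrfs.Write "操作页面:" & Request.ServerVariables("URL") & vbCrLf
                zrfs.Write "提交方式:GET" & vbCrLf
                ' CR/LF in request data is flattened to spaces so that one
                ' request cannot add extra, forged lines to the record.
                zrfs.Write "提交参数:" & Replace(Replace(zritem, vbCr, " "), vbLf, " ") & vbCrLf
                zrfs.Write "提交数据:" & Replace(Replace(Request.QueryString(zritem), vbCr, " "), vbLf, " ")
                zrfs.Close
                Set zrfs = Nothing
                Set zrfso = Nothing

                Response.Write "<Script Language=JavaScript>alert('内容含有非法字符!');</Script>"
                Response.End
            End If
        Next
    Next
End If

' Shared constants; their consumers are not visible in this file.
Const Lang = 2
Const UpDir = "../"
Const contentfile = "content.asp"
Const isBBS = 0
Const isImgButton = 0
Const tvwidth = 216
Const tvheight = 162
Const cnkrc = ""
Const thedm = ""

' Converts a date/time value to a compact "YYYYMMDDHHMMSS" string.
' Month, day, hour, minute and second are zero-padded to two digits;
' a two-digit year is prefixed with "20".
Function chan_file(shijian)
    Dim s_year, s_month, s_day, s_hour, s_minute, s_ss

    s_year = Year(shijian)
    If Len(s_year) = 2 Then s_year = "20" & s_year

    ' Right("0" & n, 2) pads single-digit values and leaves two-digit
    ' values unchanged.
    s_month = Right("0" & Month(shijian), 2)
    s_day = Right("0" & Day(shijian), 2)
    s_hour = Right("0" & Hour(shijian), 2)
    s_minute = Right("0" & Minute(shijian), 2)
    s_ss = Right("0" & Second(shijian), 2)

    chan_file = s_year & s_month & s_day & s_hour & s_minute & s_ss
End Function
%>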