www.gusucode.com > 黑鹰自助链管理系统 1.1 商业版码程序 > conn.asp
<%
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa
On Error Resume Next
Fy_In = "and|exec|insert|select"
aa="heikeshuju.htm" '------------------------------------------如入侵记录保存文件
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1="<li>操作IP:<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间:"&Now&"<BR>操作页面:"&Request.ServerVariables("URL")&"<BR>提交方式:POST<BR>提交参数:"&Fy_post&"<BR>提交数据:"&replace(Request.Form(Fy_post),"'","*")&"</li>"
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2="<li>操作IP:<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间:"&Now&"<BR>操作页面:"&Request.ServerVariables("URL")&"<BR>提交方式:GET<BR>提交参数:"&Fy_get&"<BR>提交数据:"&replace(Request.QueryString(Fy_get),"'","*")&"</li>"
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3="<li>操作IP:<a href='http://tools.hxstat.com/ip/?ip="&Request.ServerVariables("REMOTE_ADDR")&"' target='_blank'>"&Request.ServerVariables("REMOTE_ADDR")&"</a><BR>操作时间:"&Now&"<BR>操作页面:"&Request.ServerVariables("URL")&"<BR>提交方式:COOK<BR>提交参数:"&Fy_cook&"<BR>提交数据:"&replace(Request.Cookies(Fy_cook),"'","*")&"</li>"
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "系统提示你↓请不要提交参数中包含非法字符尝试攻击!你的IP:"&Request.ServerVariables("REMOTE_ADDR")&"和攻击时间:"&Now&"已被记录。"
Response.Write "<br><hr>"
Response.End
end Sub
'Rem 过滤HTML代码
function HTMLEncode(fString)
if not isnull(fString) then
fString = replace(fString, ">", ">")
fString = replace(fString, "<", "<")
fString = Replace(fString, CHR(32), " ")
fString = Replace(fString, CHR(9), " ")
fString = Replace(fString, CHR(34), """)
fString = Replace(fString, CHR(39), "'")
fString = Replace(fString, CHR(13), "")
fString = Replace(fString, CHR(10) & CHR(10), " ")
fString = Replace(fString, CHR(10), " ")
fString=ChkBadWords(fString)
HTMLEncode = fString
end if
end function
Db="data/#hymm.asa" '网址站数据库连接地址
sessionvar="www.hymm.net" '设置变量,变量不可以为NO,否则后台无法登陆
%>