
IdeaCMS XDAY and Fix - Website Security - Self-study PHP

IdeaCMS is a website content management system aimed mainly at small and medium-sized enterprises; an ordinary developer can use the modules the system provides to set up a full-featured, high-performance website platform at minimal cost, with minimal staff and in the shortest time. IdeaCMS is developed on ASP+Access/ASP+MSSQL, so ordinary developers can pick the system up fairly easily. The system currently integrates introduction, news, product, video, image and download modules, with comment, order and job-application plugins available, and supports generating a static site for easy search-engine indexing. Since its first release in 2007 the system has gone through four major versions (1.0, 1.1, 2.0, 3.0, 4.0), has been endorsed by many users and tested by the market, and has kept absorbing development suggestions and successful experience from all sides; its functionality keeps improving, and today the system suits not only corporate sites but also portals, government, school and other information sites.

Details (GuestBook.asp):

<!--#include file="inc/Main_Class.asp"-->
<%
'****************************************************
'Code for IdeaCMS
'****************************************************
dim action,str,page,sql,MesTitle,LinkName,Content,validcode,Company,Address,Telephone,Email,back
action=filterPara(getForm("action","get")) : str=filterPara(getForm("str","get")) : page=filterPara(getForm("page","get"))
MesTitle=filterPara(getForm("MesTitle","post")) : LinkName=filterPara(getForm("LinkName","post")) : Content=codeTextarea(filterPara(getForm("Content","post")),"en")
Company=filterPara(getForm("LinkComp","post")) : Address=filterPara(getForm("LinkAddr","post")) : Telephone=filterPara(getForm("LinkTel","post")) : Email=filterPara(getForm("LinkEmail","post"))
back="GuestBook.asp"
if action="add" then
    if isNul(Content) then alertback "内容为空!"
    validcode = replace(filterPara(getForm("input_yzm","post")),"'","")
    if Session("GetCode")<>validcode then
        alert "验证码错误!",back
    else
        sql="insert into {pre}GuestBook(MesTitle,LinkName,Content,Company,Address,Telephone,Email) values ('"&MesTitle&"','"&LinkName&"','"&Content&"','"&Company&"','"&Address&"','"&Telephone&"','"&Email&"')"
        conn.db sql,"0"
        if err then err.clear : alert "留言添加失败",back else if cint(guestmode)=1 then alert "留言添加成功,将在审核后显示!",back else alert "留言添加成功!",back
    end if
end if
if isNul(page) then
    page=1
else
    if isNum(page) then page=clng(page) else alert "参数错误!",back
end if

dim templateobj,channelTemplatePath : set templateobj = mainClassobj.createObject("MainClass.template")
dim channelTemplateName,channelStr
channelTemplatePath = PubPath("guestbook.html")
with templateObj : .load(channelTemplatePath) : .parseComm() : .parseColumn() : .parseChannel("") : .parseList 0,page,"guestlist","" : .parseIf() : channelStr = .content : end with
if str="签写留言" then
    channelStr = replace(channelStr,"id=guestlist>","id=guestlist style=display:none>")
    channelStr = replace(channelStr,"id=guestwrite style=display:none>","id=guestwrite>")
end if
Echo channelStr
set templateobj =nothing : terminateAllObjects
%>

Every user-supplied field goes through getForm and filterPara, so trace those two functions.

Function getForm(element,mtype)
    Select case mtype
        case "get"
            getForm=trim(request.QueryString(element))
        case "post"
            getForm=trim(request.Form(element))
        case else
            if isNul(request.QueryString(element)) then getForm=trim(request.Form(element)) else getForm=trim(request.QueryString(element))
    End Select
End Function

getForm only trims whitespace. Next, filterPara:

Function filterPara(byVal Para)
    filterPara=preventSqlin(filterStr(Para,"jsiframe"))
End Function

It chains two filters. First, preventSqlin:

Function preventSqlin(content)
    dim sqlStr,sqlArray,i,speStr
    sqlStr="%27|*|and|exec|dbcc|alter|drop|insert|select|update|delete|count|master|truncate|char|declare|where|set|declare|mid|chr"
    if isNul(content) then Exit Function
    sqlArray=split(sqlStr,"|")
    for i=lbound(sqlArray) to ubound(sqlArray)
        if instr(lcase(content),sqlArray(i))<>0 then alertback "你提交的数据含非法字符" : Exit Function
    next
    preventSqlin=content
End Function

Still want to inject? Now filterStr, which is called with filtertype "jsiframe":

' Strip html formatting
Function filterStr(Byval str,Byval filtertype)
    if isNul(str) then  filterStr = "" : Exit Function
    dim regObj, outstr,rulestr : set regObj = New Regexp
    regObj.IgnoreCase = true : regObj.Global = true
    Select case filtertype
        case "html"
            rulestr = "(<[a-zA-Z].*?>)|(<[\/][a-zA-Z].*?>)"
        case "jsiframe"
            rulestr = "(<(script|iframe).*?>)|(<[\/](script|iframe).*?>)"
    end Select
    regObj.Pattern = rulestr
    outstr = regObj.Replace(str, "")
    outstr=replace(outstr,"{ideacms:page}","")
    outstr=replace(outstr,"&nbsp;","")
    set regObj = Nothing : filterStr = outstr
End Function

Is this filtering HTML? The "jsiframe" rule only removes <script> and <iframe> open and close tags; any other element, including one carrying an event-handler attribute, passes straight through, is stored in the guestbook and is rendered back to visitors. Bypass:

<style/onload=alert(/welcome to www.2cto.com by mOon/)>

Fix: filter everything!!!!!

Author: www.moonhack.org
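To make the weakness concrete, the following added example (not IdeaCMS code) re-implements the page's "jsiframe" rule in JavaScript, whose regex syntax matches VBScript's RegExp object, runs the page's payload and a plain <script> tag through it, and contrasts it with HTML-escaping untrusted text at output time. The sample inputs are constructed here.

```javascript
// Added example: the page's filterStr("jsiframe") rule re-implemented in
// JavaScript, beside output escaping. This is not IdeaCMS code.

// The "jsiframe" pattern from the page, verbatim: only <script>/<iframe>
// open and close tags are removed; every other tag and attribute survives.
const JSIFRAME_RULE = /(<(script|iframe).*?>)|(<[\/](script|iframe).*?>)/gi;

function filterStrJsIframe(str) {
  if (!str) return "";
  let out = str.replace(JSIFRAME_RULE, "");
  out = out.split("{ideacms:page}").join("");
  out = out.split("&nbsp;").join("");
  return out;
}

// Hardened alternative: encode the HTML-significant characters so the
// browser renders guestbook text as text, whatever tags it contains.
function htmlEscape(str) {
  return String(str).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Constructed guestbook inputs: a <script> tag the blacklist does catch,
// the page's <style/onload=...> bypass, and harmless text.
const SAMPLES = {
  scriptTag: "<script>alert(1)</script>",
  styleOnload: "<style/onload=alert(/welcome to www.2cto.com by mOon/)>",
  plain: "Hello & welcome",
};

// For each sample, report whether a raw '<' (i.e. a live tag) still reaches
// the rendered page after the blacklist filter versus after escaping.
function compareFilters() {
  const result = {};
  for (const [name, input] of Object.entries(SAMPLES)) {
    result[name] = {
      blacklistLeavesTag: filterStrJsIframe(input).includes("<"),
      escapedLeavesTag: htmlEscape(input).includes("<"),
    };
  }
  return result;
}

// The blacklist strips the <script> tags but leaves <style/onload=...>
// untouched; escaping leaves no raw '<' in any sample.
```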
