ASP: how to filter submitted parameters

Source: Baidu Wenku  Editor: 神马品牌网  Time: 2024/04/30 04:17:34
I am a beginner at ASP.
The injection vulnerability in my file is fatal, have a look everyone:

id1 = Request("id")
if Request("id")="" then
response.Write("Please enter the ID you want to view")
Else
'id1 is pasted straight into the SQL text, so whatever arrives in ?id= becomes part of the query
sql="select * from xy_news where id = "+id1
rs.Open sql,conn,1,3
if rs.EOF then
response.redirect "/"
else
'...
End if
End if

In id1 = Request("id"), how do I define the type and the length of id1?
I'm a newbie, so please explain in detail. One more thing: what is dim actually for?
I find it works without it too!!!!!!!!!
It doesn't work!!!

Microsoft VBScript runtime error, error '800a000d'

Type mismatch: 'Cint'

/xy/read_news.asp, line 4

Anti-injection code:
Define these two functions and run your id1 through them.

'SafeRequest takes the parameter NAME (it calls Request itself); 1 = the value must be numeric
id1 = SafeRequest("id",1)
'for a numeric id the keyword strip is redundant (SafeRequest already rejected anything non-numeric), but it does no harm
id1 = SafeReplace(id1)
if id1="" then
response.Write("Please enter the ID you want to view")
Else
'use & for concatenation: + would attempt arithmetic as soon as the operand is not a string
sql="select * from xy_news where id = " & id1
rs.Open sql,conn,1,3
if rs.EOF then
response.redirect "/"
else
'...
End if
End if

<%

Function SafeReplace(ParaName)
'--- input ---
'ParaName: the parameter VALUE to clean (string); the cleaned value is returned
Dim Paravalue
Paravalue=LCase(Trim(ParaName))

'keyword blacklist: each token is deleted from the value, one pass through the list in this order
Paravalue=Replace(Paravalue,"select","")
Paravalue=Replace(Paravalue,"insert","")
Paravalue=Replace(Paravalue,"update","")
Paravalue=Replace(Paravalue,"addnew","")
Paravalue=Replace(Paravalue,"delete","")
Paravalue=Replace(Paravalue,"order","")
Paravalue=Replace(Paravalue,"and","")
Paravalue=Replace(Paravalue,"or","")
Paravalue=Replace(Paravalue,"exec","")
Paravalue=Replace(Paravalue,"--","")
Paravalue=Replace(Paravalue,"-","")
Paravalue=Replace(Paravalue,";","")
Paravalue=Replace(Paravalue,"%","")
Paravalue=Replace(Paravalue,"<","")
Paravalue=Replace(Paravalue,">","")
Paravalue=Replace(Paravalue,"(","")
Paravalue=Replace(Paravalue,")","")
Paravalue=Replace(Paravalue,"window.open","")
Paravalue=Replace(Paravalue,"window.close","")
Paravalue=Replace(Paravalue,"while(1)","")
Paravalue=Replace(Paravalue,"script","")
Paravalue=Replace(Paravalue,"'","")
Paravalue=Replace(Paravalue,chr(34),"")
Paravalue=Replace(Paravalue,chr(39),"")

SafeReplace=Paravalue
End function

Function SafeRequest(ParaName,ParaType)
'--- input ---
'ParaName: parameter NAME (string); the function reads Request(ParaName) itself
'ParaType: parameter type (numeric): 1 = the value must be a number, 0 = the value is a string
Dim Paravalue
Paravalue=Request(ParaName)
If ParaType=1 then
'numeric parameter: reject empty or non-numeric values and send the browser back
'add an empty check  Paravalue=replace(Paravalue,"-","")
If Paravalue="" then
'Response.write "Parameter " & ParaName & " must not be empty!"
Response.Write("<script language='javascript1.2'>history.go(-1)</script>")
Response.end
elseIf not isNumeric(Paravalue) then
'Response.write "Parameter " & ParaName & " must be numeric!"
Response.Write("<script language='javascript1.2'>history.go(-1)</script>")
Response.end
End if
Else
'string parameter: double every single quote so the value can sit inside a quoted SQL literal
Paravalue=replace(Paravalue,"'","''")
End if
SafeRequest=Paravalue
End function

%>

http://club.heima.com/forum_display.aspx?forumid=100484&categoryid=116

Dim is used to declare a variable; once declared, the variable can be shared by the Subs and Functions the program contains.
In ASP you can use a variable without defining it.

You can use the LEN() function to check the length of id1.
Type checking has many aspects as well,
for example illegal characters and so on.

The database query part is where things may go wrong.
I suggest changing it to:
id1 = Request("id")
if id1="" then
response.Write("Please enter the ID you want to view")
ElseIf not IsNumeric(id1) then
response.Write("The ID must be a number")
Else
'convert only after the checks: CInt on an empty or non-numeric value raises "Type mismatch: 'Cint'"
'CInt is limited to -32768..32767; use CLng if ids can grow beyond that
id1=CInt(id1)
'use & here: with id1 now an Integer, + would attempt arithmetic on the string and fail with a type mismatch
sql="select * from xy_news where id = " & id1
rs.Open sql,conn,1,3
if rs.EOF then
response.redirect "/"
else
'...
End if
End if

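As an added illustration (my own code, not from the thread or from either of the answers above), the script below rebuilds the thread's `select * from xy_news where id = ...` lookup on an in-memory SQLite table instead of the original ADO recordset, and runs the same `id` value through the three strategies discussed in the thread: the raw concatenation of the first post, a Python port of the second answer's SafeReplace keyword blacklist (Python's `str.replace` removes every occurrence in one left-to-right pass, exactly like VBScript's `Replace`), and the numeric check the third answer points to, finished with a bound parameter. The table name `xy_news` comes from the thread; the other column names, the rows and the input strings are constructed, and the numeric check is deliberately stricter than VBScript's IsNumeric (unsigned decimal digits only).

```python
import re
import sqlite3
from typing import Optional

# Keyword order copied from the thread's SafeReplace, with "updata" read as "update".
BLACKLIST = ["select", "insert", "update", "addnew", "delete", "order", "and", "or",
             "exec", "--", "-", ";", "%", "<", ">", "(", ")", "window.open",
             "window.close", "while(1)", "script", "'", '"']


def safe_replace(value: str) -> str:
    """Port of SafeReplace: lower-case, trim, then delete each token, one pass in list order."""
    v = value.strip().lower()
    for token in BLACKLIST:
        v = v.replace(token, "")
    return v


def make_db() -> sqlite3.Connection:
    """Constructed sample rows standing in for the thread's xy_news table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table xy_news (id integer primary key, title text, body text)")
    conn.executemany("insert into xy_news values (?, ?, ?)",
                     [(1, "first", "a"), (2, "second", "b"), (3, "third", "c")])
    return conn


def lookup_concat(conn: sqlite3.Connection, raw_id: str) -> list:
    """First post:  sql = "select * from xy_news where id = " + id1  (input becomes SQL text)."""
    return conn.execute("select * from xy_news where id = " + raw_id).fetchall()


def lookup_blacklist(conn: sqlite3.Connection, raw_id: str) -> list:
    """Second answer: strip blacklisted keywords, then concatenate anyway."""
    return lookup_concat(conn, safe_replace(raw_id))


def lookup_validated(conn: sqlite3.Connection, raw_id: str) -> Optional[list]:
    """Third answer's direction, tightened: accept only 1-9 ASCII digits (the length check
    the answer mentions), bind the value as a parameter; None means the input was rejected."""
    s = raw_id.strip()
    if not re.fullmatch(r"[0-9]{1,9}", s):
        return None
    return conn.execute("select * from xy_news where id = ?", (int(s),)).fetchall()


def run_demo() -> dict:
    """Feed the same hostile ?id= values to all three handlers and collect what each returns."""
    conn = make_db()
    out = {}
    # raw concatenation: "1 or 1=1" turns a single-row lookup into the whole table
    out["concat_or"] = len(lookup_concat(conn, "1 or 1=1"))
    # blacklist: the plain payload loses its "or" and the query no longer parses
    try:
        lookup_blacklist(conn, "1 or 1=1")
        out["blacklist_plain_or"] = "executed"
    except sqlite3.OperationalError:
        out["blacklist_plain_or"] = "syntax error"
    # blacklist: one pass only, so "oorr" -> "or" and "selselectect" -> "select" survive the strip
    out["blacklist_nested_or"] = len(lookup_blacklist(conn, "1 oorr 1=1"))
    out["blacklist_nested_union"] = lookup_blacklist(conn, "0 union selselectect 9,8,7")
    # validation + parameter binding: digits pass, anything else is rejected before the query is built
    out["validated_ok"] = lookup_validated(conn, " 2 ")
    out["validated_or"] = lookup_validated(conn, "1 or 1=1")
    out["validated_nested"] = lookup_validated(conn, "0 union selselectect 9,8,7")
    return out


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value!r}")
```

The blacklist result is the point worth noticing: because each keyword is removed in a single pass, a value that contains the keyword split by another copy of itself is rebuilt by the removal, so the filter lets through exactly the queries it was written to stop, whereas the numeric check rejects the string before any SQL exists and the bound parameter can never be parsed as SQL.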

OP, post the complete code, and ask your question precisely~~~