<%
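' Request filter: scans every POST field, query-string parameter and cookie for
' the substrings listed in XH_In. On the first hit the request is logged through
' slog, a fixed rejection message is written to the response, and processing of
' the page stops (Response.End).
'
' Matching is a plain case-insensitive substring test (InStr on the lower-cased
' value), so short entries such as "and" or "*" also match inside ordinary text.
' A deny-list like this is defence in depth only; queries built from request
' data should still use parameterized commands.
' NOTE(review): the "%20" entries are compared against the values as returned by
' the Request collections - confirm they still match once a value is URL-decoded.
Dim XH_Post,XH_Get,XH_Cookie,XH_In,XH_Inf,XH_Xh
XH_In = "'|;|*|and|union|declare|exec|insert|select|update|delete%20from|drop%20table|create%20table"
XH_Inf = split(XH_In,"|")

' The log entry is HTML and the log file is served as a page, so every
' request-derived value (parameter name and parameter data) is passed through
' Server.HTMLEncode before it is concatenated into the entry. Without this, the
' rejected payload would be rendered as markup for whoever opens the log.

'-------- POST section ------------
If Request.Form<>"" Then
    For Each XH_Post In Request.Form
        For XH_Xh=0 To Ubound(XH_Inf)
            If Instr(LCase(Request.Form(XH_Post)),XH_Inf(XH_Xh))<>0 Then
                slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:POST<br>提交参数:"&Server.HTMLEncode(XH_Post)&"<br>提交数据:"&Server.HTMLEncode(Request.Form(XH_Post)))
                Response.Write "非法操作"
                Response.End
            End If
        Next
    Next
End If
'----------------------------------
'-------- GET section -------------
If Request.QueryString<>"" Then
    For Each XH_Get In Request.QueryString
        For XH_Xh=0 To Ubound(XH_Inf)
            If Instr(LCase(Request.QueryString(XH_Get)),XH_Inf(XH_Xh))<>0 Then
                slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:GET<br>提交参数:"&Server.HTMLEncode(XH_Get)&"<br>提交数据:"&Server.HTMLEncode(Request.QueryString(XH_Get)))
                Response.Write "非法操作"
                Response.End
            End If
        Next
    Next
End If
'----------------------------------
'-------- COOKIE section ----------
If Request.Cookies<>"" Then
    For Each XH_Cookie In Request.Cookies
        For XH_Xh=0 To Ubound(XH_Inf)
            If Instr(LCase(Request.Cookies(XH_Cookie)),XH_Inf(XH_Xh))<>0 Then
                slog("<br><br>操作ip:"&Request.ServerVariables("REMOTE_ADDR")&"<br>操作时间:"&Now&"<br>操作页面:"&Request.ServerVariables("URL")&"<br>提交方式:Cookie<br>提交参数:"&Server.HTMLEncode(XH_Cookie)&"<br>提交数据:"&Server.HTMLEncode(Request.Cookies(XH_Cookie)))
                Response.Write "非法操作"
                Response.End
            End If
        Next
    Next
End If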
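' Appends one entry to the HTML log file at the site root ("/log.htm").
'   logs - text of the entry. It is written as-is, so any request-derived data
'          in it must already be HTML-encoded by the caller.
'
' The file is opened in append mode and created when missing. The previous
' implementation read the whole file into a string and rewrote it on every
' call, which made each rejected request cost time proportional to the log size
' and could drop entries when two requests rewrote the file at the same moment.
'
' NOTE(review): the log lives under the web root and is served as HTML; it holds
' client IPs and the rejected request data. Consider moving it outside the web
' root or restricting access to it, and rotating it so it cannot grow unbounded.
Sub slog(logs)
    Const ForAppending = 8
    Dim toppath, fs, Ts
    toppath = Server.MapPath("/log.htm")
    Set fs = CreateObject("scripting.filesystemobject")
    ' Third argument True: create the file if it does not exist yet.
    Set Ts = fs.OpenTextFile(toppath, ForAppending, True)
    Ts.WriteLine logs
    Ts.Close
    Set Ts = Nothing
    Set fs = Nothing
End Sub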
%>