<%
dim flashack_post,flashack_get,flashack_in,flashack_inf,flashack_xh,flashack_db,flashack_dbstr
flashack_in = "※;※and※exec※insert※select※delete※update※count※*※%※chr※mid※master※truncate※char※declare"
flashack_inf = split(flashack_in,"※")
if request.form<>"" then
for each flashack_post in request.form
for flashack_xh=0 to ubound(flashack_inf)
if instr(lcase(request.form(flashack_post)),flashack_inf(flashack_xh))<>0 then
response.write "<scrīpt language=javascrīpt>alert(flashack防注入系统提示你↓/n/n请不要在参数中包含非法字符尝试注入,qq:80201222!/n/nhttp://www.flashack.com);</scrīpt>"
response.write "非法操作!系统做了如下记录↓<br>"
response.write "操作ip:"&request.servervariables("remote_addr")&"<br>"
response.write "操作时间:"&now&"<br>"
response.write "操作页面:"&request.servervariables("url")&"<br>"
response.write "提交方式:post<br>"
response.write "提交参数:"&flashack_post&"<br>"
response.write "提交数据:"&request.form(flashack_post)
response.end
end if
next
next
end if
if request.querystring<>"" then
for each flashack_get in request.querystring
for flashack_xh=0 to ubound(flashack_inf)
if instr(lcase(request.querystring(flashack_get)),flashack_inf(flashack_xh))<>0 then
response.write "<scrīpt language=javascrīpt>alert(flashack防注入系统提示你↓/n/n请不要在参数中包含非法字符尝试注入,qq:80201222!/n/nhttp://www.flashack.com);</scrīpt>"
response.write "非法操作!flashack已经给你做了如下记录↓<br>"
response.write "操作ip:"&request.servervariables("remote_addr")&"<br>"
response.write "操作时间:"&now&"<br>"
response.write "操作页面:"&request.servervariables("url")&"<br>"
response.write "提交方式:get<br>"
response.write "提交参数:"&flashack_get&"<br>"
response.write "提交数据:"&request.querystring(flashack_get)
response.end
end if
next
next
end if
%>
conn里加上这个就没漏洞了。