破解asp网页sql注入漏洞
来源:互联网 发布:python 列表 replace 编辑:程序博客网 时间:2024/06/03 21:21
<%
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa
On Error Resume Next
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|--|script|*|char|set|(|)"
aa="heike.txt" '------------------------------------------如入侵记录保存文件
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cook'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "哈哈!你要倒霉了!"
Response.Write "<br><hr>"
Response.End
end Sub
%>
把上面的代码拷贝到conn.asp中即可
Dim Fy_Post,Fy_Get,Fy_cook,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,aa
On Error Resume Next
Fy_In = "'|exec|insert|select|delete|update|count|chr|truncate|char|declare|--|script|*|char|set|(|)"
aa="heike.txt" '------------------------------------------如入侵记录保存文件
Fy_Inf = split(Fy_In,"|")
'1--------POST部份------------------
If Request.Form<>"" Then
For Each Fy_Post In Request.Form
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
flyaway1=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'post'+"&Fy_post&"+"&replace(Request.Form(Fy_post),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway1
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'2--------GET部份-------------------
If Request.QueryString<>"" Then
For Each Fy_Get In Request.QueryString
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
flyaway2=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'get'+"&Fy_get&"+"&replace(Request.QueryString(Fy_get),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway2
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
'3--------cookies部份-------------------
If Request.Cookies<>"" Then
For Each Fy_cook In Request.Cookies
For Fy_Xh=0 To Ubound(Fy_Inf)
If Instr(LCase(Request.Cookies(Fy_cook)),Fy_Inf(Fy_Xh))<>0 Then
flyaway3=""&Request.ServerVariables("REMOTE_ADDR")&","&Request.ServerVariables("URL")&"+'cook'+"&Fy_cook&"+"&replace(Request.Cookies(Fy_cook),"'","*")&""
set fs=server.CreateObject("Scripting.FileSystemObject")
set file=fs.OpenTextFile(server.MapPath(aa),8,True)
file.writeline flyaway3
file.close
set file=nothing
set fs=nothing
call aaa()
End If
Next
Next
End If
Sub aaa()
Response.Write "哈哈!你要倒霉了!"
Response.Write "<br><hr>"
Response.End
end Sub
%>
把上面的代码拷贝到conn.asp中即可
- 破解asp网页sql注入漏洞
- SQL注入--ASP注入漏洞全接触
- asp终极防范SQL注入漏洞
- ASP+ACCESS SQL注入漏洞修复代码
- SQL注入天书 - ASP注入漏洞全接触
- SQL注入天书 - ASP注入漏洞全接触
- SQL注入天书 - ASP注入漏洞全接触
- SQL注入天书 - ASP注入漏洞全接触
- SQL注入天书 - ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- SQL注入天书-ASP注入漏洞全接触 (入门篇)
- SQL注入天书之ASP注入漏洞全接触
- SQL注入天书—ASP注入漏洞全接触
- Fedora 8 Linux下GRUB配置文件详细解析
- 做事情要定阶段性里程碑
- DSOfile,一个修改windows系统文件摘要的好东东。
- IT管理人才必备的十大能力
- Css基础学习
- 破解asp网页sql注入漏洞
- Unit2
- 做个网站,真“雷人”!!
- 用Sql Server 2000的数据库备份来还原Sql Server 2005中的数据库
- webservice 简介
- 《大象--Thinking in UML》已经发售!简介及目录
- 对Url传输参数进行加密和解密
- error LNK2019: unresolved external symbol "__declspec(dllimport) void 遇到的问题以及解决办法
- ASP 打开页面自适应窗口大小最大化