
<%

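' Request blacklist filter (defense in depth only).
' Every QueryString and Form value is scanned for a fixed list of SQL/OS
' fragments; when one is found the request is aborted with an alert.
' NOTE(review): a substring blacklist like this cannot replace escaping
' (sqlstr) or parameterised ADODB commands at the point where a value
' reaches SQL; keep it as an extra layer, not as the primary control.
' Fixes against the original:
'   - the QueryString test ended in ">0then" (no space before "then");
'   - InStr used a binary compare, so "SELECT " was not matched;
'   - the Form list was written with "%20", but Request.Form already
'     URL-decodes values, so those entries could never match;
'   - "insert 20" in the QueryString list was "insert%20" with the "%"
'     lost, and is spelled "insert " like the other entries.
dim fx, fstr

' Fragments rejected in query-string values (original list, incl. "%" and
' ":", so any query value containing either character is refused).
dim qsPatterns
qsPatterns = array("'", "select ", "net user", "xp_cmdshell", "/add", _
    "exec master.dbo.xp_cmdshell", "net localgroup administrators", "%", _
    "delete", "insert ", "delete from", "count(", "drop table", _
    "update ", "truncate ", "asc(", "mid(", "char(", ":", " or ", " and ")

' Fragments rejected in form values.  Apostrophes are deliberately not
' rejected in form text; they are escaped later by sqlstr.
dim formPatterns
formPatterns = array("select ", "net user", "xp_cmdshell", "/add", _
    "exec master.dbo.xp_cmdshell", "net localgroup administrators", _
    "delete", "insert ", "delete from", "count(", "drop table", _
    "update ", "truncate ", "asc(", "mid(", "char(", " or ")

' True when value contains any fragment of patterns, case-insensitively.
function containsBlocked(value, patterns)
    dim p
    containsBlocked = false
    for each p in patterns
        if instr(1, value, p, vbTextCompare) > 0 then
            containsBlocked = true
            exit function
        end if
    next
end function

' Abort the request with the original alert; Response.End stops the page.
sub rejectRequest()
    response.Write("<script>alert('请不要输入特殊字符!');window.close()</script>")
    response.End()
end sub

for each fx in request.QueryString()
    fstr = request.QueryString(fx)
    ' The value is already decoded once; "%27" here is a doubly-encoded quote.
    fstr = replace(fstr, "%27", "'")
    if containsBlocked(fstr, qsPatterns) then rejectRequest
next

for each fx in request.Form()
    fstr = request.Form(fx)
    fstr = replace(fstr, "%27", "'")
    ' The original also swapped "'" for a full-width quote in fstr; that
    ' touched only this local copy, never the value the page later reads,
    ' so it had no effect and is dropped.
    if containsBlocked(fstr, formPatterns) then rejectRequest
next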


' Open the site's Access database and build the Chinese date stamp "sj".
' NOTE(review): the .mdb is resolved with server.mappath under
' \guanli\data, i.e. inside the web root - confirm that folder cannot be
' fetched directly by a browser.
dim conn, connstr
'on error resume next
connstr = "DBQ=" & server.mappath("\guanli\data\system.mdb") & ";DefaultDir=;DRIVER={Microsoft Access Driver (*.mdb)};"
set conn = server.createobject("ADODB.CONNECTION")
conn.open connstr

' Current time as yyyy年mm月dd日 with zero-padded month and day.
dim nowtime, mm, dd
nowtime = now()
mm = right("0" & cstr(month(nowtime)), 2)
dd = right("0" & cstr(day(nowtime)), 2)
sj = cstr(year(nowtime)) & "年" & mm & "月" & dd & "日"
'#########################################################################
' Next id for table m_id_t: highest existing id + 1, or 1 for an empty table.
' NOTE(review): m_id_t is spliced into the SQL as a table name, which
' sqlstr cannot escape - callers must pass only fixed, code-chosen names.
' Nothing here serialises concurrent callers, so two requests can be
' handed the same id.
function m_id(m_id_t)
    set m_id_rs = conn.execute("select top 1 id from " & m_id_t & " order by id desc")
    m_id = 1
    if not m_id_rs.eof then m_id = m_id_rs("id") + 1
    m_id_rs.close
    set m_id_rs = nothing
end function

'#########################################################################
' Escape a value for use inside a single-quoted SQL string literal by
' doubling every apostrophe.  Only valid in string-literal context; numeric
' contexts (namesub) and identifiers (m_id) need different handling.
function sqlstr(sql_str)
    dim escaped
    escaped = replace(sql_str, "'", "''")
    sqlstr = escaped
end function

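' Look up the id of the class row whose cname equals subname_name (cwar=1).
' An unknown name aborts the request with an alert; the caller never sees
' a return value in that case.
' Fix: the original assigned the escaped value back to subname_name, and
' VBScript passes arguments ByRef, so the caller's variable (e.g. furl_name
' in furl) was silently replaced by its SQL-escaped form.  A local copy is
' escaped instead.
' NOTE(review): the query is still string-built; sqlstr's quote doubling
' is the right escape for a Jet string literal, but an ADODB.Command with
' a parameter would remove the dependency on escaping altogether.
function subname(subname_name)
    dim safe_name
    safe_name = sqlstr(subname_name)
    set rs = conn.execute("Select id from class where cname='" & safe_name & "' and cwar=1")
    if rs.eof then
        rs.close
        set rs = nothing
        response.write "<script language=javascript>alert('请不要恶心访问本站');</script>请不要恶意访问本网站"
        response.end
    else
        subname = rs(0)
        rs.close
        set rs = nothing
    end if
end function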
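' Return the cname of the class row with the given id, or "" when no row
' matches.
' Fix: namesub_1 was concatenated into a numeric WHERE clause with no
' check at all, so any text reached the query verbatim.  CLng coerces it
' first; non-numeric input now raises a VBScript type mismatch instead of
' being sent to Jet.  The original also read rs(0) on an empty recordset
' (an error that left rs open); that case now closes rs and returns "".
function namesub(namesub_1)
    dim class_id
    class_id = clng(namesub_1)
    set rs = conn.execute("Select cname from class where id=" & class_id)
    if rs.eof then
        namesub = ""
    else
        namesub = rs(0)
    end if
    rs.close
    set rs = nothing
end function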
' Pass-through guard for ids: returns isnumber_id unchanged when IsNumeric
' accepts it, otherwise writes an alert and ends the response.
' NOTE(review): IsNumeric also accepts forms such as "1e3", "&H1F" or
' " 12 ", so the returned value is numeric-looking rather than a plain
' integer; code that builds SQL from it should still coerce it (CLng).
function isnumber(isnumber_id)
    if not isnumeric(isnumber_id) then
        response.write "<script language=javascript>alert('请不要恶心访问本站');</script>请不要恶意访问本网站"
        response.end
    end if
    isnumber = isnumber_id
end function

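' Build an <a> link for a class name: subname resolves the name to its id
' (aborting the request if the name is unknown) and the href becomes
' furl_url "=" id, with the name as link text.
' Fixes: (1) subname assigns to its argument and VBScript passes ByRef, so
' the original call escaped furl_name in place and the link text showed
' the SQL-escaped form; a copy is passed instead.  (2) the href attribute
' was unquoted and the text was inserted raw; the attribute is now quoted
' and the text passed through Server.HTMLEncode, so a cname containing <,
' & or " cannot break the markup (HTMLEncode may also emit numeric
' entities for non-ASCII text, which browsers render identically).
' (3) furl_id was an undeclared global; it is local now.
function furl(furl_name, furl_url)
    dim furl_id, lookup_name
    lookup_name = furl_name
    furl_id = subname(lookup_name)
    furl = "<a href=""" & furl_url & "=" & furl_id & """>" & server.HTMLEncode(furl_name) & "</a>"
end function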


' Append one row to the history table: timestamp, the supplied text, the
' operator name from the "aname" cookie, and the address from ips().
' NOTE(review): the cookie and ips() (which prefers the
' HTTP_X_FORWARDED_FOR header) are both values the client supplies, so the
' happly/address columns record what the client claims, not a verified
' identity; read this audit trail with that in mind.
function logsys(xx)
    sql = "select * from history"
    set rs = server.createobject("adodb.recordset")
    with rs
        ' 1 = adOpenKeyset, 3 = adLockOptimistic
        .open sql, conn, 1, 3
        .addnew
        .fields("hdate").value = now()
        .fields("htext").value = xx
        .fields("happly").value = request.cookies("aname")
        .fields("address").value = ips()
        .update
        .close
    end with
    set rs = nothing
end function

' Client address for logging: the X-Forwarded-For header when present,
' otherwise the socket peer address (REMOTE_ADDR).
' NOTE(review): HTTP_X_FORWARDED_FOR is set by whoever sends the request
' and can hold any text (or a comma-separated list); trust it only when a
' proxy you control is the sole path to this server, otherwise prefer
' REMOTE_ADDR.  logsys stores the result without further validation.
function ips()
    userip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
    if userip = "" then
        ips = Request.ServerVariables("REMOTE_ADDR")
    else
        ips = userip
    end if
end function


' Name of the page being executed: the last "/"-separated segment of the
' request URL.  (VBScript is case-insensitive, so the variable is reused
' first as the URL string and then as the split array.)
strurl = Request.ServerVariables("URL")
strurl = split(strurl, "/")
i = UBound(strurl, 1)
filename = strurl(i)   ' final path segment = file name
%>

 

 

<%


'******************************************
'***        Microsoft Access         ****
'******************************************
' Connection settings for the Access site database.
' NOTE(review): db_STRING is mapped from "/databases/caifuw.mdb", a path
' inside the web root - confirm the file is not served directly.
dim MM_oConn_STRING, db_STRING, strDatabaseType

db_STRING = Server.MapPath("/databases/caifuw.mdb")
MM_oConn_STRING = "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & db_STRING
strDatabaseType = "msaccess"

 

%>

 

 

 

<%
' Jet OLE DB connection string for the NBArticle database, plus two
' site-wide constants (cache key and application folder).
' NOTE(review): the database file carries an .asp extension - presumably
' so IIS executes rather than serves it on a direct request; confirm that
' requesting the path still does not return the file's contents.
Dim ConnStr, DataBaseFilePath
DataBaseFilePath = "/nbarticle/Depot/NBArticle.asp"
ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source =" & Server.MapPath(DataBaseFilePath)
Const sCacheName = "NB412426174"
Const SystemFolder = "/nbarticle/"
%>
