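Open Neeao_Inject_Data_Str
If Err Then
    err.Clear
    Set Neeao_Inject_conn = Nothing
    Response.Write "数据库连接出错,请检查连接字串。"
    Response.End
End If
' NOTE(review): the statement that opens the connection begins before this
' excerpt; only its tail ("Open Neeao_Inject_Data_Str") is visible here.

' -------- Definitions --------
Dim Neeao_Application_Value
Dim Neeao_Post,Neeao_Get,Neeao_Inject,Neeao_Inject_Keyword,Neeao_Kill_IP,Neeao_Write_Data
Dim Neeao_Alert_Url,Neeao_Alert_Info,Neeao_Kill_Info,Neeao_Alert_Type
Dim Neeao_Sec_Forms,Neeao_Sec_Form_open,Neeao_Sec_Form

' Load the filter configuration into Application state on first use.
' PutApplicationValue is defined outside this excerpt.
If IsArray(Application("Neeao_config_info"))=False Then Call PutApplicationValue()
Neeao_Application_Value = Application("Neeao_config_info")

' Read the configuration values by position.
Neeao_Inject = Neeao_Application_Value(0)
Neeao_Kill_IP = Neeao_Application_Value(1)
Neeao_Write_Data = Neeao_Application_Value(2)
Neeao_Alert_Url = Neeao_Application_Value(3)
Neeao_Alert_Info = Neeao_Application_Value(4)
Neeao_Kill_Info = Neeao_Application_Value(5)
Neeao_Alert_Type = Neeao_Application_Value(6)
Neeao_Sec_Forms = Neeao_Application_Value(7)
Neeao_Sec_Form_open = Neeao_Application_Value(8)

' Safe-form parameters: "|"-separated field names that are exempt from scanning.
Neeao_Sec_Form = split(Neeao_Sec_Forms,"|")
' "|"-separated keywords that cause a request to be rejected.
Neeao_Inject_Keyword = split(Neeao_Inject,"|")

' Entry point: optional IP ban check, then scan form, query-string and cookie input.
If Neeao_Kill_IP=1 Then Stop_IP
If Request.Form<>"" Then StopInjection(Request.Form)
If Request.QueryString<>"" Then StopInjection(Request.QueryString)
If Request.Cookies<>"" Then StopInjection(Request.Cookies)

' Stop_IP: end the request with the "banned" notice when the client address is
' flagged (kill_ip=true) in the SqlIn table.
' NOTE(review): REMOTE_ADDR is the peer address reported by the web server, not
' a request header. Behind a reverse proxy or load balancer it is presumably
' the proxy's address, so a ban would apply to every client of that proxy --
' confirm the deployment before enabling Neeao_Kill_IP.
Function Stop_IP()
    Dim Sqlin_IP,rsKill_IP,Kill_IPsql
    Sqlin_IP=Request.ServerVariables("REMOTE_ADDR")
    Kill_IPsql="select Sqlin_IP from SqlIn where Sqlin_IP='" & Sqlin_IP & "' and kill_ip=true"
    Set rsKill_IP=Neeao_Inject_conn.execute(Kill_IPsql)
    If Not(rsKill_IP.eof or rsKill_IP.bof) Then
        N_Alert(Neeao_Kill_Info)
        Response.End
    End If
    rsKill_IP.close
End Function

' StopInjection: main routine of the general SQL anti-injection filter.
'   values - a request collection (Request.Form, Request.QueryString or
'            Request.Cookies); every field in it is scanned unless exempt.
' When the safe-form feature is on (Neeao_Sec_Form_open = 1), fields named in
' Neeao_Sec_Form are skipped and all other fields are still scanned.
' Keyword matching on request input is a secondary control; the queries of the
' protected application should still be parameterized.
Function StopInjection(values)
    Dim Neeao_Get,Neeao_i,Neeao_Exempt
    For Each Neeao_Get In values
        ' Decide per field whether it is exempt. The earlier form left the
        ' function at the first exempt field, so later fields were never
        ' scanned, and it scanned a listed field whenever an earlier list
        ' entry did not match it.
        Neeao_Exempt = False
        If Neeao_Sec_Form_open = 1 Then
            For Neeao_i=0 To UBound(Neeao_Sec_Form)
                If LCase(Neeao_Get)=LCase(Neeao_Sec_Form(Neeao_i)) Then
                    Neeao_Exempt = True
                    Exit For
                End If
            Next
        End If
        If Not Neeao_Exempt Then Call Select_BadChar(values,Neeao_Get)
    Next
End Function

' Select_BadChar: keyword search on one field.
'   values    - the request collection being scanned
'   Neeao_Get - name of the field to check
' On a match the request is optionally logged to SqlIn (Neeao_Write_Data = 1),
' the warning is sent and the response ends.
Function Select_BadChar(values,Neeao_Get)
    Dim Neeao_Xh,Neeao_Keyword
    Dim Neeao_ip,Neeao_url,Neeao_sql
    Dim Neeao_Log_Name,Neeao_Log_Url
    Neeao_ip = Request.ServerVariables("REMOTE_ADDR")
    Neeao_url = Request.ServerVariables("URL")
    For Neeao_Xh=0 To Ubound(Neeao_Inject_Keyword)
        ' The value is lower-cased before comparison, so the keyword must be
        ' too. An empty keyword (for example from a trailing "|" in the
        ' configuration) is skipped: InStr reports a match for an empty
        ' search string, which would reject every non-empty value.
        Neeao_Keyword = LCase(Neeao_Inject_Keyword(Neeao_Xh))
        If Neeao_Keyword<>"" And Instr(LCase(values(Neeao_Get)),Neeao_Keyword)<>0 Then
            If Neeao_Write_Data = 1 Then
                ' The field name comes from the request just like its value, so
                ' it gets the same N_Replace treatment before it is placed in
                ' the statement; the URL is treated the same way.
                ' CStr(...) hands N_Replace a copy, in case it modifies its
                ' argument; Neeao_Get is still needed for the lookup below.
                ' NOTE(review): N_Replace is defined outside this excerpt;
                ' confirm it neutralises single quotes. A parameterized
                ' ADODB.Command would remove the dependency on it.
                Neeao_Log_Name = N_Replace(CStr(Neeao_Get))
                Neeao_Log_Url = N_Replace(CStr(Neeao_url))
                Neeao_sql = "insert into SqlIn(Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('" & _
                    Neeao_ip & "','" & Neeao_Log_Url & "','" & intype(values) & "','" & _
                    Neeao_Log_Name & "','" & N_Replace(values(Neeao_Get)) & "')"
                ' Response.Write Neeao_sql   (debug output, left disabled)
                Neeao_Inject_conn.Execute(Neeao_sql)
                Neeao_Inject_conn.close
                Set Neeao_Inject_conn = Nothing
            End If
            N_Alert(Neeao_Alert_Info)
            Response.End
        End If
    Next
End Function

' N_Alert: output the warning message as a client-side script block, in the
' form selected by Neeao_Alert_Type.
' NOTE(review): this function continues past the end of the excerpt; the last
' line below is cut off inside a string literal and is reproduced as found.
Function N_Alert(Neeao_Alert_Info)
    Dim str
    ' Response.Write "test"   (debug output, left disabled)
    str = "<" & "Script Language=JavaScript" & ">"
    Select Case Neeao_Alert_Type
        Case 1
            str = str & "window.opener=null; window.close();"
        Case 2
            str = str & "alert('" & Neeao_Alert_Info & "Http://Neeao.Com\nBy:Neea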