| 网站首页 | 业界新闻 | 小组 | 威客 | 人才 | 下载频道 | 博客 | 代码贴 | 在线编程 | 编程论坛
欢迎加入我们,一同切磋技术
用户名:   
 
密 码:  
共有 729 人关注过本帖
标题:谁可以把你们的conn.asp有什么漏洞
只看楼主 加入收藏
rtc
Rank: 2
等 级:新手上路
威 望:4
帖 子:590
专家分:0
注 册:2007-6-6
收藏
 问题点数:0 回复次数:4 
谁可以把你们的conn.asp有什么漏洞

谁可以把你们的conn.asp就是包含文件ASP
提供一下!
我想看看应该过滤什么
我先写给自己的
有什么漏洞说说
<%
set cn = server.CreateObject("adodb.connection")
cn.open "Driver={Microsoft Access Driver (*.mdb)};DBQ=" & server.MapPath("Rin520#v002223232.mdb")

%>


<%
Sub BrandNewDay()
Dim sDate, y, m, d, w
Dim sDateChinese
sDate = Date()
If Application("date_today") = sDate Then Exit Sub

y = CStr(Year(sDate))
m = CStr(Month(sDate))
If Len(m) = 1 Then m = "0" & m
d = CStr(Day(sDate))
If Len(d) = 1 Then d = "0" & d
w = WeekdayName(Weekday(sDate))
sDateChinese = y & "?ê" & m & "??" & d & "è?&nbsp;" & w

Application.Lock
Application("date_today") = sDate
Application("date_chinese") = sDateChinese '??ììμ??D???ùê?
Application.Unlock
End Sub
%>
<%
' ============================================
' °?×?·?′???DDHTML?a??,ì???server.htmlencode
' è¥3yHtml??ê?£?ó?óú??ê?ê?3?
' ============================================
Function outHTML(str)
Dim sTemp
sTemp = str
outHTML = ""
If IsNull(sTemp) = True Then
Exit Function
End If
sTemp = Replace(sTemp, "&", "&amp;")
sTemp = Replace(sTemp, "<", "&lt;")
sTemp = Replace(sTemp, ">", "&gt;")
sTemp = Replace(sTemp, Chr(34), "&quot;")
sTemp = Replace(sTemp, Chr(10), "<br>")
outHTML = sTemp
End Function

' ============================================
' è¥3yHtml??ê?£?ó?óú′óêy?Y?a?Dè?3??μì?è?ê?è??òê±
' ×¢òa£ovalue="?"?a±?ò??¨òaó???òyo?
' ============================================
Function inHTML(str)
Dim sTemp
sTemp = str
inHTML = ""
If IsNull(sTemp) = True Then
Exit Function
End If
sTemp = Replace(sTemp, "&", "&amp;")
sTemp = Replace(sTemp, "<", "&lt;")
sTemp = Replace(sTemp, ">", "&gt;")
sTemp = Replace(sTemp, Chr(34), "&quot;")
inHTML = sTemp
End Function
%>
<%
Function Get_SafeStr(str)
Get_SafeStr = Replace(Replace(Replace(Trim(str), "'", ""), Chr(34), ""), ";", "")
End Function

' ============================================
' è?êμ?ê×?·?3¤?è
' ============================================
Function Get_TrueLen(str)
Dim l, t, c, i
l = Len(str)
t = l
For i = 1 To l
c = Asc(Mid(str, i, 1))
If c < 0 Then c = c + 65536
If c > 255 Then t = t + 1
Next
Get_TrueLen = t
End Function

' ============================================
' ?D??ê?·?°2è?×?·?′?,?ú×¢2áμ???μèì?êa×????Dê1ó?
' ============================================
Function IsSafeStr(str)
Dim s_BadStr, n, i
s_BadStr = "' ??&<>?%,;:()`~!@#$^*{}[]|+-=" & Chr(34) & Chr(9) & Chr(32)
n = Len(s_BadStr)
IsSafeStr = True
For i = 1 To n
If Instr(str, Mid(s_BadStr, i, 1)) > 0 Then
IsSafeStr = False
Exit Function
End If
Next
End Function


%>


<%
''过滤提交表单中的SQL

''==========================

function ForSqlForm(form_title)

dim fqys,errc,i,items

dim nothis(18)

nothis(0)="net user"

nothis(1)="xp_cmdshell"

nothis(2)="/add"

nothis(3)="exec%20master.dbo.xp_cmdshell"

nothis(4)="net localgroup administrators"

nothis(5)="select"

nothis(6)="count"

nothis(7)="asc"

nothis(8)="char"

nothis(9)="mid"

nothis(10)="''"

nothis(11)="iframe"

nothis(12)=""""

nothis(13)="insert"

nothis(14)="delete"

nothis(15)="drop"

nothis(16)="truncate"

nothis(17)="from"

nothis(18)="%"

''nothis(19)="@"

errc=false

for i= 0 to ubound(nothis)

for each items in request.Form

if instr(form_title,nothis(i))<>0 then

response.write("<div class='menu'>")

response.write("你所填写的信息:" & server.HTMLEncode(request.Form(items)) & "<br>含非法字符:" & nothis(i))

response.write("</div>")

response.write("对不起,你所填写的信息含非法字符!<a href=""#"" onclick=""history.back()"">返回</a>")

response.End()

end if

next

next

end function

''==========================
%>

搜索更多相关主题的帖子: conn 漏洞 asp 
2007-07-05 11:50
ztxbeyond
Rank: 1
等 级:新手上路
帖 子:12
专家分:0
注 册:2007-7-4
收藏
得分:0 
加一条容错语句

2007-07-05 13:41
rtc
Rank: 2
等 级:新手上路
威 望:4
帖 子:590
专家分:0
注 册:2007-6-6
收藏
得分:0 
给代码吖!!!!!!!
2007-07-05 15:59
rtc
Rank: 2
等 级:新手上路
威 望:4
帖 子:590
专家分:0
注 册:2007-6-6
收藏
得分:0 

谁可以给!!!!!!!!!

2007-07-06 19:58
rtc
Rank: 2
等 级:新手上路
威 望:4
帖 子:590
专家分:0
注 册:2007-6-6
收藏
得分:0 

谁可以给给!!!!!!!!!

2007-07-07 09:53
快速回复:谁可以把你们的conn.asp有什么漏洞
数据加载中...
 
   



关于我们 | 广告合作 | 编程中国 | 清除Cookies | TOP | 手机版

编程中国 版权所有,并保留所有权利。
Powered by Discuz, Processed in 0.041554 second(s), 7 queries.
Copyright©2004-2024, BCCN.NET, All Rights Reserved