<%
''''--------定义部份------------------
dim fy_post,fy_get,fy_in,fy_inf,fy_xh,fy_db,fy_dbstr
''''自定义需要过滤的字串,用 "防" 分隔
fy_in = "''''防;防and防exec防insert防select防delete防update防count防*防%防chr防mid防master防truncate防char防declare防<防>防=防|防-防_"
fy_inf = split(fy_in,"防")
if request.form<>"" then
for each fy_post in request.form
for fy_xh=0 to ubound(fy_inf)
if instr(lcase(request.form(fy_post)),fy_inf(fy_xh))<>0 then
response.write "<script language=javascript>alert(''''网长友情提示黑客大侠↓请不要在参数中包含非法字符尝试注入攻击本站,本站做起来很不容易的.俺是菜鸟,好怕怕,放俺一马吧!给俺留言'''');</script>"
response.write "非法操作!本站已经给大侠您做了如下记录↓<br>"
response.write "操作ip:"&request.servervariables("remote_addr")&"<br>"
response.write "操作时间:"&now&"<br>"
response.write "操作页面:"&request.servervariables("url")&"<br>"
response.write "提交方式:post<br>"
response.write "提交参数:"&fy_post&"<br>"
response.write "提交数据:"&request.form(fy_post)
response.end
end if
next
next
end if
if request.querystring<>"" then
for each fy_get in request.querystring
for fy_xh=0 to ubound(fy_inf)
if instr(lcase(request.querystring(fy_get)),fy_inf(fy_xh))<>0 then
response.write "<script language=javascript>alert(''''网长友情提示黑客大侠↓请不要在参数中包含非法字符尝试注入攻击本站,本站做起来很不容易的.俺是菜鸟,好怕怕,放俺一马吧!给俺留言'''');</script>"
response.write "非法操作!本站已经给大侠您做了如下记录↓<br>"
response.write "操作ip:"&request.servervariables("remote_addr")&"<br>"
response.write "操作时间:"&now&"<br>"
response.write "操作页面:"&request.servervariables("url")&"<br>"
response.write "提交方式:get<br>"
response.write "提交参数:"&fy_get&"<br>"
response.write "提交数据:"&request.querystring(fy_get)
response.end
end if
next
next
end if
%>