Method 1: character filtering

```asp
<%
' Read the raw query string and reject the request if it contains any blacklisted keyword
fqys=request.servervariables("query_string")
dim nothis(18)
nothis(0)="net user"
nothis(1)="xp_cmdshell"
nothis(2)="/add"
nothis(3)="exec%20master.dbo.xp_cmdshell"
nothis(4)="net localgroup administrators"
nothis(5)="select"
nothis(6)="count"
nothis(7)="asc"
nothis(8)="char"
nothis(9)="mid"
nothis(10)="'"
nothis(11)=":"
nothis(12)=""""
nothis(13)="insert"
nothis(14)="delete"
nothis(15)="drop"
nothis(16)="truncate"
nothis(17)="from"
nothis(18)="%"
errc=false
for i= 0 to ubound(nothis)
    ' the condition was lost in extraction; this substring test is reconstructed from the surrounding code
    if instr(fqys,nothis(i))>0 then
        errc=true
    end if
next
if errc then
    response.write "<script language=""javascript"">"
    ' alert text: "Sorry! You are trying to attack this server or obtain its highest administrative rights! Redirecting to the home page.."
    response.write "parent.alert('很抱歉!你正在试图攻击本服务器或者想取得本服务器最高管理权!将直接转向首页..');"
    response.write "self.location.href='default.asp';"
    response.write "</script>"
    response.end
end if
%>
```
Method 2 prevents a client from submitting a form saved on their local machine to the website.

```asp
<%
' Compare the Referer header with this server's name; requests whose Referer points elsewhere are refused
server_v1=Cstr(Request.ServerVariables("HTTP_REFERER"))
server_v2=Cstr(Request.ServerVariables("SERVER_NAME"))
' the condition was lost in extraction; the comparison is reconstructed from the two variables above:
' position 8 skips the seven characters of the "http://" prefix in the Referer
if mid(server_v1,8,len(server_v2))<>server_v2 then
    response.write "<br><br><center><table border=1 cellpadding=20 bordercolor=black bgcolor=#EEEEEE width=450>"
    response.write "<tr><td style=font:9pt Verdana>"
    ' only the opening of this message ("你提交的，", roughly "what you submitted ...") survived extraction
    response.write "你提交的，"
    response.write "</td></tr></table></center>"
    response.end
end if
%>
```
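The Referer comparison above, as an added example that is not part of the original page: the first function is a direct port of the `Mid(referer, 8, Len(server_name))` test, the second parses the URL and compares the host exactly. The host names are constructed samples. Two properties of the original test show up on them: it always rejects an HTTPS site, because `https://` is eight characters and the comparison starts one character too early, and it is a prefix match, so any Referer whose text begins with the server name passes. Since the Referer header is supplied by the client and may be absent or set to any value by a non-browser client, the check only stops naive reposting of a saved form; it is not a trust boundary, and an anti-CSRF token is the usual way to bind a submission to a page the site itself served.

```python
# Added example (not the page's own code): the Referer-versus-server-name test of
# method 2, first as a direct port of the usual Mid(referer, 8, Len(server_name))
# comparison, then as a stricter variant that parses the URL. Host names are constructed.
from urllib.parse import urlsplit


def referer_check_loose(referer: str, server_name: str) -> bool:
    """Port of Mid(referer, 8, Len(server_name)) = server_name.

    VBScript Mid is 1-based, so position 8 is Python index 7: the check skips the
    seven characters of "http://" and compares the next Len(server_name) characters.
    It is a prefix match on the raw header text, not a comparison of host names.
    """
    return referer[7:7 + len(server_name)] == server_name


def referer_check_strict(referer: str, server_name: str) -> bool:
    """Parse the Referer and require its host component to equal the server name exactly."""
    if not referer:
        return False  # header absent: treat as not from this site
    parts = urlsplit(referer)
    if parts.scheme not in ("http", "https"):
        return False
    return (parts.hostname or "").lower() == server_name.lower()


if __name__ == "__main__":
    site = "www.example.com"  # constructed server name
    for ref in ("http://www.example.com/form.asp",
                "https://www.example.com/form.asp",
                "http://www.example.com.other.example/form.asp",
                ""):
        print(repr(ref), referer_check_loose(ref, site), referer_check_strict(ref, site))
```

Running the block prints one line per sample Referer with the loose and strict verdicts side by side; the HTTPS case is the one a site owner is most likely to hit in practice after enabling TLS.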
Method 3

```asp
<%
' Reject the username field if it contains any of these characters.
' "?" appears twice in the original list; an entry whose character was lost in
' extraction (it read Instr(request("username"),"")) is left out here, because
' Instr(s, "") returns 1 for any non-empty s and would reject every username.
If Instr(request("username"),"=")>0 or _
   Instr(request("username"),"%")>0 or _
   Instr(request("username"),chr(32))>0 or _
   Instr(request("username"),"?")>0 or _
   Instr(request("username"),"&")>0 or _
   Instr(request("username"),";")>0 or _
   Instr(request("username"),",")>0 or _
   Instr(request("username"),"'")>0 or _
   Instr(request("username"),"?")>0 or _
   Instr(request("username"),chr(34))>0 or _
   Instr(request("username"),chr(9))>0 or _
   Instr(request("username"),"$")>0 or _
   Instr(request("username"),">")>0 or _
   Instr(request("username"),"<")>0 or _
   Instr(request("username"),"""")>0 then
    ' the statements that followed Then were lost in extraction
End If
%>
```
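Both blacklists on this page, the keyword list of method 1 and the character list of method 3, are substring tests, so one added example (not the page's own code) serves both: the two lists are ported to Python unchanged, run over constructed sample input, and placed beside a parameterized query, which is the mitigation that makes such lists unnecessary because the value is bound by the driver and never becomes SQL text. The sample query strings and usernames are constructed. Two things the page does not mention show up directly: the keyword list runs over the raw, undecoded QUERY_STRING, so any percent-encoded value (a URL-encoded space is `%20`) trips the `%` entry, and ordinary words that contain a keyword (`county`, `Charles`, a sort order of `asc`) are rejected too. VBScript's `Instr()` defaults to a case-sensitive binary compare; the port below matches case-insensitively, which is the behaviour a list like this needs.

```python
# Added example (not the page's own code): the two blacklist checks of methods 1 and 3
# ported to Python so that hits and misses can be seen on constructed sample input,
# beside the parameterized query that makes such lists unnecessary.
import sqlite3
from typing import Optional

# Keyword list copied from the page's nothis() array (method 1).
QUERY_BLACKLIST = [
    "net user", "xp_cmdshell", "/add", "exec%20master.dbo.xp_cmdshell",
    "net localgroup administrators", "select", "count", "asc", "char", "mid",
    "'", ":", '"', "insert", "delete", "drop", "truncate", "from", "%",
]

# Character list from the page's Instr() chain (method 3): = % space ? & ; , ' tab $ > < "
# The page's empty-string entry is left out: Instr(s, "") returns 1 for any
# non-empty s, so it would have rejected every username.
USERNAME_FORBIDDEN = set('=%?&;,\'$><"') | {" ", "\t"}


def query_string_blocked(query_string: str) -> list:
    """Return the blacklist entries found in the raw query string ([] means allowed).

    Mirrors the page's loop, which runs Instr() over the undecoded QUERY_STRING.
    Matching is case-insensitive here; VBScript's Instr() default is a
    case-sensitive binary compare.
    """
    qs = query_string.lower()
    return [word for word in QUERY_BLACKLIST if word in qs]


def username_blocked(username: str) -> set:
    """Return the forbidden characters present in the username (empty set means allowed)."""
    return {c for c in username if c in USERNAME_FORBIDDEN}


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("o'brien",)])
    return conn


def lookup_user(conn: sqlite3.Connection, username: str) -> Optional[int]:
    """Parameterized lookup: the value is bound by the driver and never spliced into
    the SQL text, so a quote in the name is data, not syntax."""
    row = conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    print(query_string_blocked("name=Charles&town=county"))  # ordinary words are rejected
    print(query_string_blocked("q=a%20b"))                    # any percent-encoding trips "%"
    print(query_string_blocked("sort=asc&page=2"))            # a sort direction is rejected
    print(username_blocked("o'brien"))                        # the name itself is rejected by method 3
    print(lookup_user(demo_db(), "o'brien"))                  # the parameterized query handles it
```

The contrast is the point: `username_blocked("o'brien")` rejects a legitimate name, while `lookup_user` finds it, because the apostrophe never reaches the SQL parser as syntax. A keyword list can only reject the strings it enumerates, so it belongs, at most, in front of a parameterized query as a logging aid, not in place of one.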