防SQL注入检测
作者:cmscn 日期:2008-12-24
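'--- 防SQL注入检测
'--- Scan the current request for the configured SQL-injection keywords.
'--- Sources checked: every POST form field (type 1), every query-string
'--- value (type 2) and every value of the site cookie Web_Cookies (type 3).
'--- Keywords come from Web_SqlInword, comma separated, and are matched
'--- case-insensitively as plain substrings; each hit is handed to SaveSQLLOG.
'--- NOTE(review): a keyword blacklist only reduces noise; the data layer still
'--- has to escape/parameterise every value it puts into SQL. Text inside
'--- [code]...[/code] in POST bodies is deliberately exempt from the scan, so
'--- whatever stores or renders that text gets no help from this check.
Public Sub ChkSQLInWord()
    ' Site switch (config item 44) or per-page opt-out: nothing to do.
    If int(Format_Mid_Num(44))=0 or NoChkSqlInFiles=True Then Exit Sub
    Dim InWordStr,NameStrPost,NameStrGet,NameStrCookie,i,Word
    Dim FormWord,QueryStringWord,CookiesWord,ReChkSQLIn
    Web_SqlInword = Trim(Web_SqlInword)
    If Web_SqlInword="" then Exit Sub
    InWordStr = Split(LCase(Web_SqlInword),",")
    ' Flatten each source into one "|"-separated string so a single Instr
    ' covers all of its values.
    For Each NameStrPost In Request.Form 'POST
        FormWord = FormWord & "|" & Request.Form(NameStrPost)
    Next
    For Each NameStrGet In Request.QueryString 'GET
        QueryStringWord = QueryStringWord & "|" & Request.QueryString(NameStrGet)
    Next
    For Each NameStrCookie In Request.Cookies(Web_Cookies) 'Cookies
        CookiesWord = CookiesWord & "|" & Request.Cookies(Web_Cookies)(NameStrCookie)
    Next
    ' Lower-case once here; the keyword list is already lower-cased.
    FormWord = LCase(FormWord)
    QueryStringWord = LCase(QueryStringWord)
    CookiesWord = LCase(CookiesWord)
    ' Remove [code]...[/code] blocks from POST data before matching. The
    ' pattern is greedy, so one match spans from the first [code] to the
    ' last [/code] in the flattened form data.
    Set ReChkSQLIn = new RegExp
    ReChkSQLIn.IgnoreCase=True
    ReChkSQLIn.Global=True
    ReChkSQLIn.Pattern = "\[code\](.|\n)*\[\/code\]"
    FormWord = ReChkSQLIn.Replace(FormWord,"")
    Set ReChkSQLIn = nothing
    For i=0 To Ubound(InWordStr)
        Word = InWordStr(i)
        ' Skip blank entries (e.g. a trailing comma in Web_SqlInword):
        ' Instr(s,"") returns 1 for any non-empty s and would flag every request.
        If Trim(Word)<>"" Then
            If Instr(FormWord,Word)<>0 Then
                Call SaveSQLLOG(1,FormWord)
            End If
            If Instr(QueryStringWord,Word)<>0 Then
                Call SaveSQLLOG(2,QueryStringWord)
            End If
            If Instr(CookiesWord,Word)<>0 Then
                Call SaveSQLLOG(3,CookiesWord)
            End If
        End If
    Next
End Sub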
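'--- 记录Sql注入事件
'--- Record a detected injection attempt and escalate by the per-session count:
'---   count <= SqlInNumber/2 : write a DB_SqlLog row and show the error page
'---   count >  SqlInNumber/2 : additionally put the IP into DB_IpStop for
'---                            Format_Mid_Num(37) seconds (temporary block)
'---   count >= SqlInNumber   : additionally append the IP to DB_Configs.LockIP
'---                            (permanent lock) and reset the session counter
'--- sSqlType: 1=POST, 2=GET, 3=Cookies, anything else = illegal table query
'---           (only selects the label written to the log and the error page)
'--- sCommand: the offending request data; logged truncated to 250 characters
'--- The counter (session key SQLErrNum) is per session, not per IP, so a client
'--- that discards its session cookie starts again from zero -- treat the
'--- DB_SqlLog rows, not this counter, as the record of what happened.
'--- Assumes ClsErr ends the response; every branch calls it exactly once.
Public Sub SaveSQLLOG(sSqlType,sCommand)
    Dim StrType,SQLErrNum,IPstr,IPstrErr,SQLErrIp,SameIp,SafeIP,LogSql
    Dim LockList,LockParts,n,ShowCmd,ShowIP,ShowPage,Tail
    IPstr = Cstr(UserTrueIP)
    ' Session key for the IP: the dotted-decimal digits as one number, as
    ' before; any other shape (empty, IPv6, proxy garbage) is kept as text
    ' instead of raising a type-mismatch error inside the error handler.
    IPstrErr = Replace(IPstr,".","")
    If IPstrErr<>"" And IsNumeric(IPstrErr) Then IPstrErr = Int(IPstrErr)
    ' Session_Get may return Empty/"" on a fresh session; the ""& concatenation
    ' tolerates Null where Int()/CStr() would not.
    SQLErrIp = Session_Get("SQLErrIp")
    SameIp = (IPstr<>"" And (""&SQLErrIp&"")=(""&IPstrErr&""))
    SQLErrNum = Session_Get("SQLErrNum")
    If Not IsNumeric(SQLErrNum) Then
        SQLErrNum = 1
    Else
        SQLErrNum = Clng(SQLErrNum)+1
    End If
    Session_Set "SQLErrNum",SQLErrNum
    Select Case CInt(sSqlType)
        Case 1 : StrType="SQL注入(POST)"
        Case 2 : StrType="SQL注入(GET)"
        Case 3 : StrType="SQL注入(Cookies)"
        Case Else : StrType="SQL注入[非法查询数据表]"
    End Select
    ' UserTrueIP goes into SQL and HTML below. If it honours proxy headers it
    ' is client-supplied text, so it gets the same CheckStr/HTMLEnCode
    ' treatment as the other logged values instead of being concatenated raw.
    ' (CheckStr is assumed to be the project's SQL string sanitiser -- it is
    ' what the original INSERT applied to ScriptName and S_Info.)
    SafeIP = CheckStr(UserTrueIP)
    ShowIP = Server.HTMLEnCode(UserTrueIP)
    ' The submitted data is attacker-controlled; encode it before echoing it
    ' back in the error page, as the log row already does.
    ShowCmd = Server.HTMLEnCode(sCommand)
    ShowPage = Server.HTMLEnCode(ScriptTmp)
    ' One log row per call (the lock path used to insert the same row twice).
    LogSql = "Insert into [DB_SqlLog] (ScriptName,S_Info,ip,Type) values ('"&CheckStr(URLDecode(Server.URLEnCode(ScriptTmp)))&"','"&Checkstr(Server.HTMLEnCode(Left(sCommand,250)))&"','"&SafeIP&"','"&StrType&"')"
    Tail = "<br />操作IP:"&ShowIP&"<br />操作时间:"&SqlNowString&"<br />操作页面:"&ShowPage&"<br />操作方式:"&StrType&"<br />提交数据:"&ShowCmd
    If SQLErrNum >= Int(SqlInNumber) Then '如果大于此数值将直接过滤禁止此IP
        If IPstr<>"" And Not SameIp Then
            Call Exel(LogSql,0)
            ' Rebuild the "|"-separated lock list: drop entries equal to this IP
            ' by exact match (a substring Replace also damaged 10.0.0.10 when
            ' locking 10.0.0.1), then append it once.
            LockList = ""
            If Trim(Web_LockIP)<>"" Then
                LockParts = Split(Trim(Web_LockIP),"|")
                For n=0 To Ubound(LockParts)
                    If Trim(LockParts(n))<>"" And Trim(LockParts(n))<>IPstr Then
                        LockList = LockList & Trim(LockParts(n)) & "|"
                    End If
                Next
            End If
            LockList = Replace(LockList & IPstr,"'","")
            ' Keep the in-memory config in step with what is written to the DB.
            Web_LockIP = LockList
            Call Exec("Update DB_Configs Set LockIP='"&LockList&"'",0)
            ' A permanently locked IP no longer needs its temporary-block row.
            ' (The old code compared S_Ip with the whole list, so nothing matched.)
            Call Exec("Delete From DB_IpStop Where S_Ip='"&SafeIP&"'",0)
            Session_Set "SQLErrIp",IPstrErr
            Cache_Del("Web_Info")
            Cookies_Delele()
            Session_Del("SQLErrNum")
        End If
        ClsErr("<meta http-equiv=""Refresh"" content=""5; url=./"" />您执行了非法操作次数已经超过 "&SqlInNumber&" 次,共 "&SQLErrNum&" 次,IP已经自动过滤(IP已经自动封闭)!"&Tail&"<br />")
    ElseIf SQLErrNum > Int(SqlInNumber/2) Then '超过一半: 临时锁定此IP
        If Not SameIp Then
            Call Exec("Insert into [DB_IpStop] (s_ip,s_username,s_tim_star,s_tim_end,s_dl_num,s_style,s_yj_stop) values('"&SafeIP&"','"&StrType&"','"&now_time&"','"&DateAdd("s",int(Format_Mid_Num(37)),now_time)&"','"&SQLErrNum&"',1,0)",0)
        Else
            Call Exec("Update DB_IpStop Set S_Tim_Star='"&now_time&"',S_Tim_End='"&DateAdd("s",int(Format_Mid_Num(37)),now_time)&"',S_Dl_Num=S_Dl_Num+1 Where S_Ip='"&SafeIP&"'",0)
        End If
        Call Exel(LogSql,0)
        Cache_Del("IPLock")
        ClsErr("<meta http-equiv=""Refresh"" content=""5; url=./"" />您执行了非法操作次数已经超过 "&SQLErrNum&" 次,IP已经自动锁定!"&Tail&"<br />")
    ElseIf IPstr<>"" Then '记录并拒绝本次请求
        Call Exel(LogSql,0)
        ClsErr("<meta http-equiv=""Refresh"" content=""5; url=./"" />您执行了非法操作,操作已被禁止并作了如下记录↓"&SQLErrNum&Tail)
    End If
End Sub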