Security Policy (2): Anti-SQL-Injection System


Implementation approach:
We often run into people who, out of boredom, go looking for holes in your website so they can wreak havoc (not everyone is like that, of course!). Once it happens, we usually have no idea where the injection attempt took place, which also makes the site a hassle to administer.
This system does two things:
First, it records the attacker's IP, the page the request was submitted to, the submission time, the submission method, the submitted parameter, and the operation (injection method);
Second, it lets you decide whether to lock the attacker's IP address, as a safety measure (relative safety only; there is no absolute safety).

Screenshot demonstration: (image not included in the text)

Steps:
1. Add the following code to the config.asp file:

Code:
'############## SQL anti-injection notes ##############
'         随州视窗 ehbsz.com  SQL anti-injection   for GYCMS3.0
'         思客秀 gyct.cn      by  gannyle
'         2006-6-26
'############## SQL anti-injection notes ##############
'-------- Definitions ------------------
Dim Gyct_Post,Gyct_Get,Gyct_In,Gyct_Inf,Gyct_Xh,Gyct_db,Gyct_dbstr,Kill_IP,WriteSql
' Custom list of strings to filter, separated by "|"
Gyct_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Kill_IP=True      ' True = refuse requests from IPs an administrator has locked
WriteSql=True     ' True = write every matched request to the log table
'----------------------------------
Gyct_Inf = split(Gyct_In,"|")
'-------- POST section ------------------
If Request.Form<>"" Then
  For Each Gyct_Post In Request.Form
    For Gyct_Xh=0 To Ubound(Gyct_Inf)
      ' Case-insensitive substring match of each blacklist entry against the field value
      If Instr(LCase(Request.Form(Gyct_Post)),Gyct_Inf(Gyct_Xh))<>0 Then
        If WriteSql=True Then
          ' Log IP, page, method, parameter name and the quote-escaped value; mode 0 = execute without a recordset
          call joekoe_cms.exec("insert into fuck (Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','POST','"&Gyct_Post&"','"&replace(Request.Form(Gyct_Post),"'","''")&"')",0)
        End If
        Response.Write "<Script Language=JavaScript>alert('思客秀系统提示你,请不要给本站提交任何非法字符或参数尝试注入!');</Script>"
        Response.Write "非法操作!系统做了如下记录↓<br>"
        Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
        Response.Write "操作时间:"&Now&"<br>"
        Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
        Response.Write "提交方式:POST<br>"
        ' HTML-encode the echoed name and value so the rejected input is not rendered as markup
        Response.Write "提交参数:"&Server.HTMLEncode(Gyct_Post)&"<br>"
        Response.Write "提交数据:"&Server.HTMLEncode(Request.Form(Gyct_Post))
        Response.End
      End If
    Next
  Next
End If
'----------------------------------

'-------- GET section -------------------
If Request.QueryString<>"" Then
  For Each Gyct_Get In Request.QueryString
    For Gyct_Xh=0 To Ubound(Gyct_Inf)
      If Instr(LCase(Request.QueryString(Gyct_Get)),Gyct_Inf(Gyct_Xh))<>0 Then
        If WriteSql=True Then
          call joekoe_cms.exec("insert into fuck (Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Gyct_Get&"','"&replace(Request.QueryString(Gyct_Get),"'","''")&"')",0)
        End If
        Response.Write "<Script Language=JavaScript>alert('思客秀系统提示你,请不要给本站提交任何非法字符或参数尝试注入!');</Script>"
        Response.Write "非法操作!系统做了如下记录↓<br>"
        Response.Write "操作IP:"&Request.ServerVariables("REMOTE_ADDR")&"<br>"
        Response.Write "操作时间:"&Now&"<br>"
        Response.Write "操作页面:"&Request.ServerVariables("URL")&"<br>"
        Response.Write "提交方式:GET<br>"
        Response.Write "提交参数:"&Server.HTMLEncode(Gyct_Get)&"<br>"
        Response.Write "提交数据:"&Server.HTMLEncode(Request.QueryString(Gyct_Get))
        Response.End
      End If
    Next
  Next
End If
'----------------------------------

'-------- Locked-IP check ---------------
If Kill_IP=True Then
  Dim Sqlin_IP,rsKill_IP,Kill_IPsql
  ' The visitor's address must be read before it is used in the lookup
  Sqlin_IP=Request.ServerVariables("REMOTE_ADDR")
  Kill_IPsql="select Sqlin_IP from fuck where Sqlin_IP='"&Sqlin_IP&"' and kill_ip=true"
  set rsKill_IP=joekoe_cms.exec(Kill_IPsql,1)
  If Not(rsKill_IP.eof or rsKill_IP.bof) Then
    Response.write "<Script Language=JavaScript>alert('随州视窗系统提示你,你的IP已被管理员限制进入!原因可能是你尝试注入本站!');location.href='about:blank'</script><script>window.close();</script>"
    Response.End
  End If
  rsKill_IP.close
End If
'############## SQL anti-injection notes ##############
'         随州视窗 ehbsz.com  SQL anti-injection   for GYCMS3.0
'         思客秀 gyct.cn      by  gannyle
'         2006-6-26
'############## SQL anti-injection notes ##############


The code above can also be combined with the IP-locking feature already built into the system to lock IPs!
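The filter and log from config.asp, modelled in Python with sqlite3 as an added example that is not part of the original post or of GYCMS: it reproduces the LCase/Instr substring match over the same blacklist, shows that ordinary words such as "Brandon" trip it on "and", and writes the log entry and the Kill_IP lookup as parameterised statements instead of concatenated SQL (the original escapes only the submitted value, while the URL and parameter name go into the insert raw). The function names and the sql_log table name are assumptions; a keyword blacklist like this is a logging aid, not a replacement for parameterised queries in the application's own SQL.

```python
import sqlite3

# Constructed copy of the ASP Gyct_In blacklist, "|"-separated exactly as in config.asp.
GYCT_IN = ("'|;|and|(|)|exec|insert|select|delete|update|count|*|%"
           "|chr|mid|master|truncate|char|declare")
PATTERNS = GYCT_IN.split("|")

def is_suspicious(value):
    """Mirror of the ASP loop (LCase + Instr): case-insensitive substring test of every
    entry; returns the first match or None. Plain words like "Brandon" match on "and"."""
    low = value.lower()
    for pattern in PATTERNS:
        if pattern in low:
            return pattern
    return None

def open_log():
    """In-memory stand-in for the log table; columns follow the ASP insert
    (the table name sql_log is an assumption, the original uses a different one)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE sql_log (
        id INTEGER PRIMARY KEY, SqlIn_IP TEXT, SqlIn_Web TEXT, SqlIn_FS TEXT,
        SqlIn_CS TEXT, SqlIn_SJ TEXT, Kill_ip INTEGER NOT NULL DEFAULT 0)""")
    return conn

def log_attempt(conn, ip, page, method, param, data):
    """Parameterised form of the ASP logging insert: the original escapes only the value
    with replace("'","''") and concatenates the URL and the parameter name raw."""
    cur = conn.execute(
        "INSERT INTO sql_log (SqlIn_IP, SqlIn_Web, SqlIn_FS, SqlIn_CS, SqlIn_SJ) "
        "VALUES (?, ?, ?, ?, ?)", (ip, page, method, param, data))
    conn.commit()
    return cur.lastrowid

def is_locked(conn, ip):
    """Mirror of the Kill_IP lookup: any logged row for this IP with the lock flag set."""
    row = conn.execute("SELECT 1 FROM sql_log WHERE SqlIn_IP = ? AND Kill_ip = 1", (ip,)).fetchone()
    return row is not None

def check_request(conn, ip, page, method, params):
    """Apply the filter to one request's parameters (dict of name -> value), logging
    the first hit as config.asp does; returns the matched blacklist entry or None."""
    for name, value in params.items():
        hit = is_suspicious(value)
        if hit is not None:
            log_attempt(conn, ip, page, method, name, value)
            return hit
    return None
```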

2. Create the back-end admin page: make a new file named gyct_fuck_sql.asp, copy the code below into it, and save it.
Code:
<!-- #include file="include/admin_onlogin.asp" -->
<!-- #include file="../include/jk_ip_sys.asp" -->
<%
admins=true
nsort="fuck"
popedom_num=0
index_url="fuck"
data_name="fuck"
tit_fir="日志"
tit="注入日志"
call admin_header(0,0)
%>
<tr><td align=center colspan=2 height=30>
  <table border=0>
  <tr>
  <td><a href='?'><%response.write tit%></a></td>
  </tr>
  </table>
</td></tr>
</table>
<%
call admin_table(1)

' Dispatch on the action parameter set by the list form
select case action
case "del"
  call joekoe_chk_delete()
case "clear"
  call joekoe_chk_clear()
case "lock"
  call LockIP()
case "unlock"
  call UnLockIP()
case else
  call gyct_fuck_Main()
end select

call admin_ender(1)

sub joekoe_chk_delete()
  dim sel_id,ddim,dnum,ni,i
  sel_id=trim(request.form("sel_id"))
  sel_id=replace(sel_id," ","")
  if sel_id="" then
    call gyct_fuck_Main()
    exit sub
  end if
  ddim=split(sel_id,",")
  dnum=ubound(ddim)
  ni=0
  for i=0 to dnum
    ' Only numeric ids are allowed into the delete statement
    if isnumeric(ddim(i)) then
      call joekoe_cms.exec("delete from "&data_name&" where id="&ddim(i),0)
      ni=ni+1
    end if
  next
  call admin_msg("已成功删除 "&ni&" 条"&tit_fir&"!","?",1)
end sub

sub joekoe_chk_clear()
  call joekoe_cms.exec("delete from "&data_name,0)
  call admin_msg("已成功清空"&tit_fir&"!","?",1)
end sub

Sub LockIP()
  ' clng() rejects non-numeric ids before they reach the SQL string
  id = clng(request("id"))
  call joekoe_cms.exec("update fuck set Kill_ip=true where id="&id,0)
  call gyct_fuck_Main()
End Sub

Sub UnLockIP()
  id = clng(request("id"))
  call joekoe_cms.exec("update fuck set Kill_ip=False where id="&id,0)
  call gyct_fuck_Main()
End Sub

Sub gyct_fuck_Main()
%>
<form name=sel_form action='?action=del' method=post>
<tr align=center>
<td class=td width='5%'>编号</td>
<td class=td width='15%'>攻击者</td>
<td class=td width='6%'>是否锁定</td>
<td class=td width='20%'><%response.write tit_fir%>提交页面</td>
<td class=td width='20%'>提交时间</td>
<td class=td width='6%'>提交方式</td>
<td class=td width='6%'>提交参数</td>
<td class=td width='15%'>操作</td>
<td class=td width='20%'><input type=checkbox name=sel_all value='yes' onclick="javascript:select_all(this.form);"></td>
</tr>
<%
  sql="select count(id) from "&data_name&sql_add
  set rs=joekoe_cms.exec(sql,1)
  rssum=rs(0)
  rs.close
  call format_pagecute()
  sql="select top "&nummer*viewpage&" * from "&data_name&sql_add&" order by id desc"
  call joekoe_cms.exec(sql,-1)
  rs.open sql,conn,1,1
  if int(viewpage)>1 then rs.move (viewpage-1)*nummer
  ' Rows on this page: a full page unless this is the last, partial page
  if int(viewpage*nummer)>int(rssum) then nums=nummer-(viewpage*nummer-rssum) else nums=nummer
  for i=1 to nums
%>
<tr align=center>
<td><%response.write (viewpage-1)*nummer+i%></td>
<td><a href="<%=joekoe_cms.web_path%>common/ip_address.asp?ip=<%=rs("SqlIn_IP")%>" target="_blank"><%=rs("SqlIn_IP")%></a></td>
<td><%if rs("Kill_ip")=true then
  response.write "<font color='red'>已锁定</font>"
else
  response.write "<font color='green'>已解锁</font>"
end if
%></td>
<td><%=rs("SqlIn_WEB")%></td>
<td><%=rs("SqlIn_TIME")%></td>
<td><%=rs("SqlIn_FS")%></td>
<td><%=rs("SqlIn_CS")%></td>
<td><%=rs("SqlIn_SJ")%></td>
<td><input type=checkbox name=sel_id value='<%response.write rs("id")%>'></td>
</tr>
<%
    rs.movenext
  next
  rs.close
%>
<tr class=tr1>
<td colspan=5>
现有<font class=red><%response.write rssum%></font>条<%response.write tit_fir%>,
每页<font class=red><%response.write nummer%></font>条,
页次:<font class=red><%response.write viewpage%></font>/<font class=red><%response.write thepages%></font>
分页:<%response.write jk_pagecute(nummer,thepages,viewpage,pageurl,5,"#ff0000")%>
</td>
<td colspan=4 align=center>
执行
<select name=sel_type size=1>
<option value='del'>删除</option>
<option value='unlock'>解锁IP</option>
<option value='lock'>锁定IP</option>
</select>
<input type=submit class=btn value='操作' onclick="return sel_click(this.form);">
</td>
</tr>
</form>
<%
End Sub
%>

Article source: original to this site