日期:2014-05-17  浏览次数:20916 次

关于ASP语言的漏洞问题~答者有分哦!!!!
各位兄弟~有一些问题想问一下
我们公司想做一个类似于“淘宝”的交易类网站,使用ASP语言,我就想问一下如果做ASP的话那么需要注意哪些漏洞风险问题呢?
以下是我个人知道的一点漏洞:

1。防止外部提交

这是防止外部提交的代码
'检测外部提交
ht=Request.ServerVariables( "HTTP_REFERER ")
hs=Request.ServerVariables( "SERVER_NAME ")
if   mid(ht,8,len(hs)) <> hs   then  
response.write   " <script> alert( '请不要试图以不和法的URL参数访问! ');location.href= 'http:// "&Request.ServerVariables( "SERVER_NAME ")& " '; </script> "
response.end
end   if


2。防止URL注入

检测是否带有注入的参数
function   filt(stri)
dim   i
ale=   Instr(stri,   " ' ")
i=i+ale
ale=   Instr(stri,   " < ")
i=i+ale
ale=   Instr(stri,   "> ")
i=i+ale
ale=   Instr(stri,   " " " ")
i=i+ale
ale=   Instr(stri,   "’ ")
i=i+ale
ale=   Instr(stri,   "‘ ")
i=i+ale
ale=   Instr(stri,   "“ ")
i=i+ale
ale=   Instr(stri,   "” ")
i=i+ale
ale=   Instr(stri,   "$ ")
i=i+ale
ale=   Instr(stri,   "% ")
i=i+ale
ale=   Instr(stri,   "& ")
i=i+ale
ale=   Instr(stri,   "# ")
i=i+ale
ale=   Instr(stri,   "~ ")
i=i+ale
ale=   Instr(stri,   "` ")
i=i+ale
ale=   Instr(stri,   "* ")
i=i+ale
ale=   Instr(stri,   "( ")
i=i+ale
ale=   Instr(stri,   ") ")
i=i+ale
ale=   Instr(stri,   "+ ")
i=i+ale
ale=   Instr(stri,   "= ")
i=i+ale
ale=   Instr(stri,   "^ ")
i=i+ale
ale=   Instr(stri,   "! ")
i=i+ale
ale=   Instr(stri,   ", ")
i=i+ale
ale=   Instr(stri,   "{ ")
i=i+ale
ale=   Instr(stri,   "} ")
i=i+ale
ale=   Instr(stri,   "] ")
i=i+ale
ale=   Instr(stri,   "[ ")
i=i+ale
ale=   Instr(stri,   "and ")
i=i+ale
ale=   Instr(stri,   "insert ")
i=i+ale
ale=   Instr(stri,   "or ")
i=i+ale
ale=   Instr(stri,   "not ")
i=i+ale
ale=   Instr(stri,   "like ")
i=i+ale
ale=   Instr(stri,   "update ")
i=i+ale
ale=   Instr(stri,   "del ")
i=i+ale
ale=   Instr(stri,   "add ")
i=i+ale
ale=   Instr(stri,   "exec ")
i=i+ale
ale=   Instr(stri,   "asc ")
i=i+ale
ale=   Instr(stri,   "object ")
i=i+ale
ale=   Instr(stri,   "join ")
i=i+ale
ale=   Instr(stri,   "where ")
i=i+ale
ale=   Instr(stri,   "delete ")
i=i+ale
ale=   Instr(stri,   "count ")
i=i+ale
ale=   Instr(stri,   "char ")
i=i+ale
ale=   Instr(stri,   "int ")
i=i+ale
ale=   Instr(stri,   "exists ")
i=i+ale
ale=   Instr(stri,   "if ")