Pasted by aaaa ( 13 years ago )
<%
function sqlInjection()
    dim badchar, item, j
    ' Words that will be blocked if found in the request
    badchar = array("insert", "drop", " or ", "update", "cast", "and", "char", "/*", "*/", "select", "@", ";", "--", "+", "'", "/", "(")
    ' Check what is passed in Request.QueryString
    for each item in request.QueryString
        for j = lbound(badchar) to ubound(badchar)
            if instr(lcase(Request.QueryString(item)), lcase(badchar(j))) > 0 then
                response.Redirect("erro.asp?d=pagina")
            end if
        next
    next
    ' Check what is sent in Request.Form
    for each item in request.form
        for j = lbound(badchar) to ubound(badchar)
            if instr(lcase(Request.form(item)), lcase(badchar(j))) > 0 then
                response.Redirect("erro.asp?d=pagina")
            end if
        next
    next
    ' Check what is passed via cookies
    for each item in request.Cookies
        for j = lbound(badchar) to ubound(badchar)
            if instr(lcase(Request.Cookies(item)), lcase(badchar(j))) > 0 then
                response.Redirect("erro.asp?d=pagina")
            end if
        next
    next
end function
' Call the function here
sqlInjection()
%>
This file must be included at the top of every page you want to check, for example on the login.asp page:
<!--#include file="sqlinjection.asp"-->
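
To see what the filter does to ordinary input before it goes at the top of login.asp, this added example (not part of the paste) runs the same InStr test over constructed sample values under Windows Script Host (`cscript`). The function name `MatchedTokens` and the sample values are assumptions made for illustration.

```vbscript
Option Explicit

' Token list copied from the paste above.
Dim badchar
badchar = Array("insert", "drop", " or ", "update", "cast", "and", "char", _
                "/*", "*/", "select", "@", ";", "--", "+", "'", "/", "(")

' Hypothetical helper: returns every token the paste's InStr test would
' match in value, each in brackets, or "" when the request is let through.
Function MatchedTokens(value)
    Dim j, hits
    hits = ""
    For j = LBound(badchar) To UBound(badchar)
        If InStr(LCase(value), LCase(badchar(j))) > 0 Then
            hits = hits & "[" & badchar(j) & "] "
        End If
    Next
    MatchedTokens = Trim(hits)
End Function

' Constructed sample inputs: ordinary values a login or profile form receives.
Dim samples, s, result
samples = Array("joao.silva", "maria@example.com", "Fernanda", "O'Brien", _
                "Orlando", "12/03/2011", "+55 11 5555-0100", "Updated profile")

For Each s In samples
    result = MatchedTokens(s)
    If result = "" Then
        WScript.Echo "pass      " & s
    Else
        ' In the paste this request would be sent to erro.asp?d=pagina.
        WScript.Echo "redirect  " & s & "   matched: " & result
    End If
Next
```

Because the test is a substring match, names, e-mail addresses, dates and phone numbers that merely contain a listed token are redirected to the error page, so check the forms and cookies of each page against the list before including the file.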