的网站平台。 IdeaCMS是基于ASP+Access/ASP+MSSQL开发的网站内容管理系统,这样一般的开发人员都能比较轻松的掌握本系统。目前本系统集成了简介类模块,新闻类模块,产品类模
块,视频类模块,图片类模块,下载类模块。并且有评论,www.xuhantao.com,订单,应聘等插件供选择。并支持生成静态网站,方便搜索引擎收录。 本系统从2007年发布至今经历了1.0,1.1,2.0,3.0,
4.0四个版本,受到了许多用户的肯定以及市场的检验,并不断吸收来自各方面的发展建议和成功经验,其功能不断完善和发展,目前系统不仅适用于企业网站,涛涛电脑知识网,也适合门户、政府、学校、以
及其他各种资讯类网站使用。
详细说明:
<!--#include file="../inc/Main_Class.asp"-->
<%
'****************************************************
'Code for IdeaCMS
'****************************************************
dim action,str,page,sql,MesTitle,LinkName,Content,validcode,Company,Address,Telephone,Email,back
action=filterPara(getForm("action","get")) : str=filterPara(getForm("str","get")) : page=filterPara(getForm("page","get"))
MesTitle=filterPara(getForm("MesTitle","post")) : LinkName=filterPara(getForm("LinkName","post")) : Content=codeTextarea(filterPara(getForm("Content","post")),"en")
Company=filterPara(getForm("LinkComp","post")) : Address=filterPara(getForm("LinkAddr","post")) : Telephone=filterPara(getForm("LinkTel","post")) : Email=filterPara
(getForm("LinkEmail","post"))
back="GuestBook.asp"
if action="add" then
if isNul(Content) then alertback "内容为空!"
validcode = replace(filterPara(getForm("input_yzm","post")),"'","")
if Session("GetCode")<>validcode then
alert "验证码错误!",back
else
sql="insert into {pre}GuestBook(MesTitle,LinkName,Content,Company,Address,Telephone,Email) values
('"&MesTitle&"','"&LinkName&"','"&Content&"','"&Company&"','"&Address&"','"&Telephone&"','"&Email&"')"
conn.db sql,"0"
if err then err.clear : alert "留言添加失败",back else if cint(guestmode)=1 then alert "留言添加成功,将在审核后显示!",back else alert "留言添加成
功!",back
end if
end if
if isNul(page) then
page=1
else
if isNum(page) then page=clng(page) else alert "参数错误!",back
end if
dim templateobj,channelTemplatePath : set templateobj = mainClassobj.createObject("MainClass.template")
dim channelTemplateName,channelStr
channelTemplatePath = PubPath("guestbook.html")
with templateObj : .load(channelTemplatePath) : .parseComm() : .parseColumn() : .parseChannel("") : .parseList 0,page,"guestlist","" : .parseIf() : channelStr =
.content : end with
if str="签写留言" then
channelStr = replace(channelStr,"id=guestlist>","id=guestlist style=display:none>")
channelStr = replace(channelStr,"id=guestwrite style=display:none>","id=guestwrite>")
end if
Echo channelStr
set templateobj =nothing : terminateAllObjects
%>
跟踪
getForm 和filterPara
Function getForm(element,mtype)
Select case mtype
case "get"
getForm=trim(request.QueryString(element))
case "post"
getForm=trim(request.Form(element))
case else
if isNul(request.QueryString(element)) then getForm=trim(request.Form(element)) else getForm=trim(request.QueryString(element))
End Select
End Function
去掉空格
继续跟踪函数
Function filterPara(byVal Para)
filterPara=preventSqlin(filterStr(Para,"jsiframe"))
End Function
先来看看
Function preventSqlin(content)
dim sqlStr,sqlArray,i,speStr
sqlStr="%27|*|and|exec|dbcc|alter|drop|insert|select|update|delete|count|master|truncate|char|declare|where|set|declare|mid|chr"
if isNul(content) then Exit Function
sqlArray=split(sqlStr,"|")
for i=lbound(sqlArray) to ubound(sqlArray)
if instr(lcase(content),sqlArray(i))<>0 then alertback "你提交的数据含非法字符" : Exit Function
next
preventSqlin=content
End Function
你还想注入么????
再看
'去除html格式
Function filterStr(Byval str,Byval filtertype)
if isNul(str) then filterStr = "" : Exit Function
dim regObj, outstr,rulestr : set regObj = New Regexp
regObj.IgnoreCase = true : regObj.Global = true
Select case filtertype
case "html"
rulestr = "(<[a-zA-Z].*?>)|(<[\/][a-zA-Z].*?>)"
case "jsiframe"
rulestr = "(<(script|iframe).*?>)|(<[\/](script|iframe).*?>)"
end Select
regObj.Pattern = rulestr
outstr = regObj.Replace(str, "")
outstr=replace(outstr,"{ideacms:page}","")
outstr=replace(outstr," ","")
set regObj = Nothing : filterStr = outstr
End Function
这是过滤html么
绕过之
<style/onload=alert(/welcome to by mOon/)>
修复方案:
各种过滤!!!!!
作者
