Asp常见漏洞解决办法
今天给大家简单介绍一下ASP常见漏洞解决办法
注入>>>
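' Request filter: stops the page when any GET or POST value contains a blocklisted token.
' NOTE(review): a keyword blocklist is a coarse, supplementary control. It rejects
' legitimate input (for example "or" also matches inside ordinary words) and cannot
' list every dangerous input. The primary defence is still to bind values as
' parameters, or coerce them to the expected type, before they reach a SQL statement.
' NOTE(review): Request.Cookies is not inspected here, so values that the application
' reads through Request("name") can reach the code without passing this filter.
Dim Sql_Injdata, SQL_inj, Sql_Post, SQL_Data, SQL_Get

' "|"-separated token list. The first token is the ASCII apostrophe; the page showed a
' typographic quote there, which never matches the character used in SQL strings.
Sql_Injdata = "'|iframe|alert|script|escape|or|%|and|execute|select|union|delete|Update|Declare|join"
SQL_inj = Split(Sql_Injdata, "|")

' -------------------------- Guard against injection through GET parameters
If Request.QueryString <> "" Then
    For Each SQL_Get In Request.QueryString
        For SQL_Data = 0 To UBound(SQL_inj)
            ' vbTextCompare: InStr is case-sensitive by default, so "SELECT" or "UnIoN"
            ' would otherwise pass a list written in lower case.
            If InStr(1, Request.QueryString(SQL_Get), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                ' info and domain are defined outside this listing.
                info "欢迎使用My Cms,请勿利用本程序进行破任何非法活动!", domain & "/Index.asp"
                Response.End
            End If
        Next
    Next
End If

' -------------------------- Guard against injection through POST fields
If Request.Form <> "" Then
    For Each Sql_Post In Request.Form
        For SQL_Data = 0 To UBound(SQL_inj)
            If InStr(1, Request.Form(Sql_Post), SQL_inj(SQL_Data), vbTextCompare) > 0 Then
                ' Send the browser back to the previous page, then stop processing.
                Response.Write("<script language='javascript'>history.back(-1);</script>")
                Response.End
            End If
        Next
    Next
End If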
外部提交>>>
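' Rejects form posts whose Referer host is not this site's own host name.
' NOTE(review): the Referer header is supplied by the client and may be missing or
' altered, so this check is only a supplementary control; a per-session anti-forgery
' token verified on the server is the stronger defence against cross-site submission.
' A request with no Referer at all is rejected here, as in the original comparison.
Dim refHost, cutPos
server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))

' Reduce the Referer to its host part. The original compared a fixed-offset prefix
' (Mid from position 8), which only lines up for "http://", is off by one for
' "https://", and accepts any longer host that merely begins with the server name.
refHost = server_v1
cutPos = InStr(refHost, "://")
If cutPos > 0 Then refHost = Mid(refHost, cutPos + 3)
cutPos = InStr(refHost, "/")
If cutPos > 0 Then refHost = Left(refHost, cutPos - 1)
cutPos = InStr(refHost, ":")
If cutPos > 0 Then refHost = Left(refHost, cutPos - 1)

' Host names are case-insensitive, so compare the whole host as text.
If StrComp(refHost, server_v2, vbTextCompare) <> 0 Then
    Response.Write("本站禁止外部提交!")
    ' Stop here; without Response.End the rest of the page still handled the submission.
    Response.End
End If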
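' Looks up a NEWS row by the gID query-string value, which must be a plain integer.
' CON is the database connection opened outside this listing.
Dim newsId, idPattern
newsId = CStr(Request.QueryString("gID"))

' Accept digits only. Int() raises a type-mismatch error on empty or non-numeric
' input, and the limit of nine digits keeps CLng below its overflow threshold.
Set idPattern = New RegExp
idPattern.Pattern = "^[0-9]{1,9}$"
If Not idPattern.Test(newsId) Then
    Response.End
End If

' Only a validated integer is concatenated into the statement.
SQL = "SELECT * FROM NEWS WHERE ID=" & CLng(newsId)
CON.Execute(SQL)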
备份:》》
数据库》》web2.0
<%%>
Request("aaa") 会在 Form、QueryString、Cookies 等集合中取值,因此只过滤 QueryString 和 Form 并不完整。