由于最近黑客猖獗，上周末连金山词霸官网也被攻击挂马，对于病毒和黑客没办法做到100%的防备，但至少也要提高网站的安全性能！在这里给出ASP防止挂马攻击和SQL参数注入攻击函数，希望大家做好补丁！

1. 
   
2. Function FunSQL(Str)
   
3. If Isnull(Str) Then
   
4. FunSQL = ""
   
5. Exit Function
   
6. End If
   
7.   Str=trim(Str)
   
8. Str = Replace(Str,Chr(0),"", 1, -1, 1)
   
9. Str = Replace(Str, """", """, 1, -1, 1)
   
10. Str = Replace(Str,"<","&lt;", 1, -1, 1)
    
11. Str = Replace(Str,">","&gt;", 1, -1, 1)
    
12.   Str = Replace(Str,CHR(42),"&#42;")  '“*”
    
13.   Str = Replace(Str,CHR(44),"&#44;")  '“,”
    
14. Str = Replace(Str, "script", "&#115;cript", 1, -1, 0)
    
15. Str = Replace(Str, "SCRIPT", "&#083;CRIPT", 1, -1, 0)
    
16. Str = Replace(Str, "Script", "&#083;cript", 1, -1, 0)
    
17. Str = Replace(Str, "script", "&#083;cript", 1, -1, 1)
    
18. Str = Replace(Str, "object", "&#111;bject", 1, -1, 0)
    
19. Str = Replace(Str, "OBJECT", "&#079;BJECT", 1, -1, 0)
    
20. Str = Replace(Str, "Object", "&#079;bject", 1, -1, 0)
    
21. Str = Replace(Str, "object", "&#079;bject", 1, -1, 1)
    
22. Str = Replace(Str, "applet", "&#097;pplet", 1, -1, 0)
    
23. Str = Replace(Str, "APPLET", "&#065;PPLET", 1, -1, 0)
    
24. Str = Replace(Str, "Applet", "&#065;pplet", 1, -1, 0)
    
25. Str = Replace(Str, "applet", "&#065;pplet", 1, -1, 1)
    
26. Str = Replace(Str, "[", "&#091;")
    
27. Str = Replace(Str, "]", "&#093;")
    
28. ' Str = Replace(Str, "=", "&#061;", 1, -1, 1)
    
29. ' Str = Replace(Str, "'", "''", 1, -1, 1)
    
30. Str = Replace(Str, "select", "sel&#101;ct", 1, -1, 1)
    
31. Str = Replace(Str, "execute", "&#101xecute", 1, -1, 1)
    
32. Str = Replace(Str, "exec", "&#101xec", 1, -1, 1)
    
33. Str = Replace(Str, "join", "jo&#105;n", 1, -1, 1)
    
34. Str = Replace(Str, "union", "un&#105;on", 1, -1, 1)
    
35. Str = Replace(Str, "where", "wh&#101;re", 1, -1, 1)
    
36. Str = Replace(Str, "insert", "ins&#101;rt", 1, -1, 1)
    
37. Str = Replace(Str, "delete", "del&#101;te", 1, -1, 1)
    
38. Str = Replace(Str, "update", "up&#100;ate", 1, -1, 1)
    
39. Str = Replace(Str, "like", "lik&#101;", 1, -1, 1)
    
40. Str = Replace(Str, "drop", "dro&#112;", 1, -1, 1)
    
41. Str = Replace(Str, "create", "cr&#101;ate", 1, -1, 1)
    
42. Str = Replace(Str, "rename", "ren&#097;me", 1, -1, 1)
    
43. Str = Replace(Str, "count", "co&#117;nt", 1, -1, 1)
    
44. Str = Replace(Str, "chr", "c&#104;r", 1, -1, 1)
    
45. Str = Replace(Str, "mid", "m&#105;d", 1, -1, 1)
    
46. Str = Replace(Str, "truncate", "trunc&#097;te", 1, -1, 1)
    
47. Str = Replace(Str, "nchar", "nch&#097;r", 1, -1, 1)
    
48. Str = Replace(Str, "char", "ch&#097;r", 1, -1, 1)
    
49. Str = Replace(Str, "alter", "alt&#101;r", 1, -1, 1)
    
50. Str = Replace(Str, "cast", "ca&#115;t", 1, -1, 1)
    
51. Str = Replace(Str, "exists", "e&#120;ists", 1, -1, 1)
    
52. Str = Replace(Str,Chr(13),"<br>", 1, -1, 1)
    
53. ' Str = Replace(Str, "*", "＊")
    
54. Str = Replace(Str, "%", "％")
    
55. Str = Replace(Str, "-", "&#8211;")
    
56. FunSQL =Replace(Str,"'","&#39;", 1, -1, 1)
    
57. End Function

复制代码

这里对 script 的大小写也进行了区分过滤，基本可以解决。我们可以再数据的存储和调用的时候进行过滤判断！

CT```ASP挂马 教材來············

雙面啊·······

不大懂，如何用？

好東西···············

不会用