Apache:Asp not working,help

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Apache:Asp not working,help

Postby fictioner » 17. May 2010 07:48

I develop a website with asp,it's working very good under MS IIS,but not working under Xampp apache:asp。
it's error in logs\xxx.log:

Code: Select all
[Mon May 17 14:46:44 2010] [error] [asp] [3108] [debug] Bareword found where operator expected at E:/Work/web/2010/wangyoujie/Sys_SqlSafeIn.Asp line 3, near "'--------\xb0\xe6\xc8\xa8\xcb\xb5\xc3\xf7------------------ <--> 'SQL" <-->   (Might be a runaway multi-line '' string starting on line 2) <-->
[Mon May 17 14:46:44 2010] [error] [asp] [3108] [debug] \t(Missing operator before SQL?) <-->
[Mon May 17 14:46:44 2010] [error] [asp] [3108] [error] error compiling Sys_SqlSafeIn.Asp: Unrecognized character \\xCD in column 467 at E:/Work/web/2010/wangyoujie/Sys_SqlSafeIn.Asp line 3. <--> , E:/xampp/perl/site/lib/Apache/ASP.pm line 1466


it's content in My file "Sys_SqlSafeIn.Asp ":
Code: Select all

<%
'--------版权说明------------------
'SQL通用防注入程序 V3.0
'2.0强化版,对代码做了一点优化,加入自动封注入者Ip的功能!^_^
'3.0版,加入后台登陆查看注入记录功能,方便网站管理员查看非法记录,以及删除以前的记录,是否对入侵者Ip解除封锁!
'3.5版,加入了后台察看攻击的IP和攻击的次数,完善了原来的IP封锁,真正实现了后台锁定和解锁,并加入了自定义IP的封锁!
'Lucidwood(透明木头) URL:http://www.wrsky.com


'--------数据库连接部分--------------
dim dbkillSql,killSqlconn,connkillSql,Sqlin_IP
Sqlin_IP=Request.ServerVariables("REMOTE_ADDR")
dbkillSql="db/SqlIn.asp"
'On Error Resume Next
Set killSqlconn = Server.CreateObject("ADODB.Connection")
connkillSql="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dbkillSql)
killSqlconn.Open connkillSql
If Err Then
   err.Clear
   Set killSqlconn = Nothing
   Response.Write "数据库连接出错,请检查连接字串。"
   Response.End
End If


'--------定义部份------------------
Dim Fy_Post,Fy_Get,Fy_In,Fy_Inf,Fy_Xh,Fy_db,Fy_dbstr,Kill_IP,WriteSql
'自定义需要过滤的字串,用 "|" 分隔
Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare"
Kill_IP=0
WriteSql=True         
'----------------------------------


Fy_Inf = split(Fy_In,"|")
'--------POST部份------------------
If Request.Form<>"" Then
   For Each Fy_Post In Request.Form
      For Fy_Xh=0 To Ubound(Fy_Inf)
         If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
            If WriteSql=True Then
                 Kill_IPsql="select hits from SqlIn where Sqlin_IP='"&Sqlin_IP&"'"
                   Set rsk1=killSqlconn.Execute(Kill_IPsql)
                     hits=rsk1("hits")+1                    
                      If Not(rsk1.eof or rsk1.bof) Then
          
                     killSqlconn.Execute("delete * from SqlIn where Sqlin_IP='"&Sqlin_IP&"'")
                     killSqlconn.Execute("insert into SqlIn(hits,Kill_Ip,Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&hits&"','0','"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
                 Else
                 killSqlconn.Execute("insert into SqlIn(hits,Kill_Ip,Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('1','0','"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
                  killSqlconn.close
                  Set killSqlconn = Nothing
                  End If
            End If
            Response.Write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n你的IP已被记录,请不要在参数中包含非法字符尝试注入!');javascript:history.go(-1);</Script>"
            Response.End
         End If
      Next
   Next
End If
'----------------------------------

'--------GET部份-------------------
If Request.QueryString<>"" Then
   For Each Fy_Get In Request.QueryString
      For Fy_Xh=0 To Ubound(Fy_Inf)
         If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
            If WriteSql=True Then
                 Kill_IPsql="select hits from SqlIn where Sqlin_IP='"&Sqlin_IP&"'"
                   Set rsk1=killSqlconn.execute(Kill_IPsql)
                      If Not(rsk1.eof or rsk1.bof) Then
                     hits=rsk1("hits")+1            
                     killSqlconn.Execute("delete * from SqlIn where Sqlin_IP='"&Sqlin_IP&"'")
                     killSqlconn.Execute("insert into SqlIn(hits,Kill_Ip,Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('"&hits&"','0','"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
                 Else
                 killSqlconn.Execute("insert into SqlIn(hits,Kill_Ip,Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values('1','0','"&Request.ServerVariables("REMOTE_ADDR")&"','"&Request.ServerVariables("URL")&"','GET','"&Fy_Get&"','"&replace(Request.QueryString(Fy_Get),"'","''")&"')")
                  killSqlconn.close
                  Set killSqlconn = Nothing
                  End If
            End If
            Response.Write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n你的IP已被记录,请不要在参数中包含非法字符尝试注入!');javascript:history.go(-1);</Script>"
            Response.End
         End If
      Next
   Next
End If


   Dim rsKill_IP,Kill_IPsql
   Kill_IPsql="select Kill_Ip from SqlIn where Sqlin_IP='"&Sqlin_IP&"'"
   Set rsKill_IP=killSqlconn.execute(Kill_IPsql)
   If Not(rsKill_Ip.bof) Then
   If rsKill_IP("Kill_Ip") = 1 Then
      Response.write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n你的Ip已经被本系统自动锁定!\n\n如想访问本站请和管理员联系!');</Script>"
   Response.End
   rsKill_IP.close
   Set killSqlconn = Nothing
   End If
   End If
%>


please help me,thinks!
fictioner
 
Posts: 1
Joined: 17. May 2010 07:40

Re: Apache:Asp not working,help

Postby Wiedmann » 17. May 2010 08:00

Wiedmann
AF Moderator
 
Posts: 17106
Joined: 01. February 2004 12:38
Location: Stuttgart / Germany


Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 44 guests