
Apache:Asp not working,help

PostPosted: 17. May 2010 07:48
by fictioner
I developed a website in ASP. It works very well under MS IIS, but it does not work under XAMPP's Apache::ASP.
This is the error in logs\xxx.log:

[Mon May 17 14:46:44 2010] [error] [asp] [3108] [debug] Bareword found where operator expected at E:/Work/web/2010/wangyoujie/Sys_SqlSafeIn.Asp line 3, near "'--------\xb0\xe6\xc8\xa8\xcb\xb5\xc3\xf7------------------ <--> 'SQL" <-->   (Might be a runaway multi-line '' string starting on line 2) <-->
[Mon May 17 14:46:44 2010] [error] [asp] [3108] [debug] \t(Missing operator before SQL?) <-->
[Mon May 17 14:46:44 2010] [error] [asp] [3108] [error] error compiling Sys_SqlSafeIn.Asp: Unrecognized character \\xCD in column 467 at E:/Work/web/2010/wangyoujie/Sys_SqlSafeIn.Asp line 3. <--> , E:/xampp/perl/site/lib/Apache/ASP.pm line 1466


This is the content of my file "Sys_SqlSafeIn.Asp":

<%
'--------版权说明------------------
'SQL通用防注入程序 V3.0
'2.0强化版,对代码做了一点优化,加入自动封注入者Ip的功能!^_^
'3.0版,加入后台登陆查看注入记录功能,方便网站管理员查看非法记录,以及删除以前的记录,是否对入侵者Ip解除封锁!
'3.5版,加入了后台察看攻击的IP和攻击的次数,完善了原来的IP封锁,真正实现了后台锁定和解锁,并加入了自定义IP的封锁!
'Lucidwood(透明木头) URL:http://www.wrsky.com


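'-------- Database connection --------
'Opens the Jet (Access) database in which blocked requests are recorded.
Dim dbkillSql,killSqlconn,connkillSql,Sqlin_IP

'REMOTE_ADDR is the address of the directly connected peer.
'NOTE(review): behind a reverse proxy or load balancer this is presumably the
'proxy's address, so per-IP logging and locking would hit every visitor at once
'- confirm against the deployment.
Sqlin_IP=Request.ServerVariables("REMOTE_ADDR")

'NOTE(review): the database file sits under the web root with an .asp name.
'It holds logged request data; confirm the server does not hand it out on request.
dbkillSql="db/SqlIn.asp"

'Trap errors only while the connection is created and opened. Without an active
'"On Error Resume Next" the check below can never run: a failed Open aborts the
'page with a raw runtime error instead of the message written here.
On Error Resume Next
Set killSqlconn = Server.CreateObject("ADODB.Connection")
connkillSql="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(dbkillSql)
killSqlconn.Open connkillSql
If Err.Number <> 0 Then
   'Message text: database connection failed, check the connection string.
   Err.Clear
   Set killSqlconn = Nothing
   Response.Write "数据库连接出错,请检查连接字串。"
   Response.End
End If
'Restore normal error reporting so later failures are not silently swallowed.
On Error GoTo 0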


'-------- Filter settings --------
'Loop variables and working values used by the POST and GET checks.
Dim Fy_Post, Fy_Get
Dim Fy_In, Fy_Inf, Fy_Xh
Dim Fy_db, Fy_dbstr
Dim Kill_IP, WriteSql

'WriteSql: when True, a blocked request is also recorded in the SqlIn table.
WriteSql = True
'Kill_IP is set here but not read anywhere in the visible part of this file.
Kill_IP = 0

'Substrings that cause a request to be rejected, separated by "|".
'The checks test each lower-cased parameter value with InStr, so these are
'substring matches: ordinary input containing "and", "(" or "%" is rejected too.
'NOTE(review): the visible checks cover Request.Form and Request.QueryString only,
'and a denylist does not replace parameterised queries in the pages it protects.
Fy_In = "'|;|and|(|)|exec|insert|select|delete|update|" & _
        "count|*|%|chr|mid|master|truncate|char|declare"
'----------------------------------

'Token array walked by the POST and GET loops.
Fy_Inf = Split(Fy_In, "|")
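'-------- Logging helpers --------
'Returns Fy_Text as a single-quoted SQL string literal with embedded single
'quotes doubled, so a logged value cannot terminate the literal early.
'NOTE(review): ADODB.Command parameters would be the stronger fix; that needs the
'column types of SqlIn, which are not visible here.
Function Fy_SqlQuote(ByVal Fy_Text)
   If IsNull(Fy_Text) Then Fy_Text = ""
   Fy_SqlQuote = "'" & Replace(CStr(Fy_Text), "'", "''") & "'"
End Function

'Records one rejected request for the caller's address (when WriteSql is True),
'then writes the warning alert and ends the response.
'  Fy_Method - "POST" or "GET", stored in SqlIn_FS
'  Fy_Name   - name of the offending parameter, stored in SqlIn_CS
'  Fy_Value  - its submitted value, stored in SqlIn_SJ
Sub Fy_Reject(ByVal Fy_Method, ByVal Fy_Name, ByVal Fy_Value)
   Dim Fy_Rs, Fy_Hits, Fy_Lock, Fy_IpSql
   If WriteSql=True Then
      Fy_IpSql = Fy_SqlQuote(Sqlin_IP)
      Fy_Hits = 1
      Fy_Lock = 0
      Set Fy_Rs = killSqlconn.Execute("select hits,Kill_Ip from SqlIn where Sqlin_IP=" & Fy_IpSql)
      'Read the existing row only after confirming there is one; reading a field
      'of an empty recordset raises a runtime error on an address's first offence.
      If Not (Fy_Rs.EOF Or Fy_Rs.BOF) Then
         If IsNumeric(Fy_Rs("hits").Value) Then Fy_Hits = Fy_Rs("hits").Value + 1
         'Carry the existing lock flag over. Re-inserting a fixed '0' would clear
         'a lock whenever a locked address sends another rejected request.
         'NOTE(review): assumes Kill_Ip is numeric, as the "= 1" lock check suggests.
         If IsNumeric(Fy_Rs("Kill_Ip").Value) Then Fy_Lock = Fy_Rs("Kill_Ip").Value
         killSqlconn.Execute "delete * from SqlIn where Sqlin_IP=" & Fy_IpSql
      End If
      Fy_Rs.Close
      Set Fy_Rs = Nothing
      'Every interpolated value goes through Fy_SqlQuote: the parameter name and
      'value are request data and must not be able to alter the statement.
      killSqlconn.Execute "insert into SqlIn(hits,Kill_Ip,Sqlin_IP,SqlIn_Web,SqlIn_FS,SqlIn_CS,SqlIn_SJ) values(" & _
         Fy_SqlQuote(Fy_Hits) & "," & Fy_SqlQuote(Fy_Lock) & "," & Fy_IpSql & "," & _
         Fy_SqlQuote(Request.ServerVariables("URL")) & "," & Fy_SqlQuote(Fy_Method) & "," & _
         Fy_SqlQuote(Fy_Name) & "," & Fy_SqlQuote(Fy_Value) & ")"
      killSqlconn.Close
      Set killSqlconn = Nothing
   End If
   'Alert text: the address has been recorded; do not put illegal characters in parameters.
   Response.Write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n你的IP已被记录,请不要在参数中包含非法字符尝试注入!');javascript:history.go(-1);</Script>"
   Response.End
End Sub

'-------- POST fields --------
'Reject the request if any form value contains one of the filter substrings.
'The record carries the POST field itself (method, name and value).
If Request.Form<>"" Then
   For Each Fy_Post In Request.Form
      For Fy_Xh=0 To Ubound(Fy_Inf)
         If Instr(LCase(Request.Form(Fy_Post)),Fy_Inf(Fy_Xh))<>0 Then
            Fy_Reject "POST", Fy_Post, CStr(Request.Form(Fy_Post))
         End If
      Next
   Next
End If
'----------------------------------

'-------- GET parameters --------
'Same check for every query-string value.
If Request.QueryString<>"" Then
   For Each Fy_Get In Request.QueryString
      For Fy_Xh=0 To Ubound(Fy_Inf)
         If Instr(LCase(Request.QueryString(Fy_Get)),Fy_Inf(Fy_Xh))<>0 Then
            Fy_Reject "GET", Fy_Get, CStr(Request.QueryString(Fy_Get))
         End If
      Next
   Next
End If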


   Dim rsKill_IP,Kill_IPsql
   Kill_IPsql="select Kill_Ip from SqlIn where Sqlin_IP='"&Sqlin_IP&"'"
   Set rsKill_IP=killSqlconn.execute(Kill_IPsql)
   If Not(rsKill_Ip.bof) Then
   If rsKill_IP("Kill_Ip") = 1 Then
      Response.write "<Script Language=JavaScript>alert('SQL防注入系统提示你↓\n\n你的Ip已经被本系统自动锁定!\n\n如想访问本站请和管理员联系!');</Script>"
   Response.End
   rsKill_IP.close
   Set killSqlconn = Nothing
   End If
   End If
%>


Please help me, thanks!

Re: Apache:Asp not working,help

PostPosted: 17. May 2010 08:00
by Wiedmann