Classic Asp Sql Injection Function
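' SQLInject: best-effort blacklist filter for a value that will be placed
' inside a single-quoted SQL string literal.
'
' strWords : the raw value (Null/Empty is treated as an empty string).
' Returns  : the value with every blacklisted pattern removed, every space
'            removed, and each single quote doubled exactly once.
'
' Keyword stripping is defence in depth only. Pattern lists like this one are
' incomplete by nature, so values should still reach the database as bound
' parameters (ADODB.Command with CreateParameter) rather than through string
' concatenation.
function SQLInject(strWords)
    dim badChars, newChars, previous, regEx, i
    ' Alternations are written without embedded whitespace so that every
    ' keyword in the group (fulltext, stat, user, ...) can actually match.
    badChars = array( _
        "select(.*)(from|with|by){1}", "insert(.*)(into|values){1}", "update(.*)set", "delete(.*)(from|with){1}", _
        "drop(.*)(from|aggre|role|assem|key|cert|cont|credential|data|endpoint|event|fulltext|function|index|login|type|schema|procedure|que|remote|role|route|sign|stat|syno|table|trigger|user|view|xml){1}", _
        "alter(.*)(application|assem|key|author|cert|credential|data|endpoint|fulltext|function|index|login|type|schema|procedure|que|remote|role|route|serv|table|user|view|xml){1}", _
        "xp_", "sp_", "restore\s", "grant\s", "revoke\s", _
        "dbcc", "dump", "use\s", "set\s", "truncate\s", "backup\s", _
        "load\s", "save\s", "shutdown", "cast(.*)\(", "convert(.*)\(", "execute\s", _
        "updatetext", "writetext", "reconfigure", _
        "/\*", "\*/", ";", "\-\-", "\[", "\]", "char(.*)\(", "nchar(.*)\(")

    ' Concatenating with "" turns Null/Empty into an empty string, so
    ' regEx.Replace never receives a Null.
    newChars = strWords & ""

    ' One RegExp object is reused for every pattern instead of being
    ' created and destroyed on each loop iteration.
    Set regEx = New RegExp
    regEx.IgnoreCase = True
    regEx.Global = True

    ' Removing a match can join the text on either side of it into a new
    ' match, so the whole pass is repeated until the value stops changing.
    ' Every step only deletes characters, so the loop always terminates.
    Do
        previous = newChars
        for i = 0 to uBound(badChars)
            regEx.Pattern = badChars(i)
            newChars = regEx.Replace(newChars, "")
        next
        ' NOTE(review): this deletes every space, which also changes ordinary
        ' text ("John Smith" becomes "JohnSmith") - confirm this is intended.
        newChars = replace(newChars, " ", "")
    Loop Until newChars = previous
    Set regEx = nothing

    ' Escape for a single-quoted SQL literal: each quote is doubled once.
    ' Doubling more than once stores extra quote characters in the data.
    newChars = replace(newChars, "'", "''")

    SQLInject = newChars
end function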
 


Kullanımı: YeniKelime = SQLInject("Select Test")

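Bu function ile SQL Injection açığının önüne geçebilirsiniz. Ancak bu tür kara liste filtreleri tek başına güvenilir bir koruma değildir; asıl koruma olarak sorguları ADODB.Command ile parametreli çalıştırın.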

Asp SQL Injection Temizleme function
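' Temizle ("clean"): returns a cleaned copy of strVeri.
'
' strVeri : the raw value (Null/Empty is treated as an empty string).
' Returns : the cleaned string; "" for empty input.
'
' As written, the steps that change the value are: double quotes are
' removed, each single quote is doubled, and the listed SQL keywords are
' rewritten in the casing given in the table (case-insensitive match).
'
' NOTE(review): several pairs below have a replacement identical to the
' search text ("<" -> "<", "=" -> "=", "join" -> "join", ...), so they change
' nothing or only the letter case. The published listing may have lost HTML
' entities when the page was rendered - confirm against the original source
' before relying on these lines.
'
' Quote doubling alone is not a complete defence. Values should still be
' passed to the database as bound parameters (ADODB.Command with
' CreateParameter) rather than concatenated into the SQL text.
Function Temizle(strVeri)
	Dim cleaned, symbolPairs, textPairs, i

	' Work on a local copy: VBScript passes arguments ByRef by default, so
	' assigning to strVeri would silently rewrite the caller's variable.
	' Concatenating with "" also turns Null/Empty into an empty string.
	cleaned = strVeri & ""
	If cleaned = "" Then
		Temizle = ""
		Exit Function
	End If

	' (search, replacement) pairs applied with the default binary comparison.
	symbolPairs = Array("<", "<", ">", ">", "[", "[", "]", "]")
	For i = 0 To UBound(symbolPairs) Step 2
		cleaned = Replace(cleaned, symbolPairs(i), symbolPairs(i + 1))
	Next

	' (search, replacement) pairs applied case-insensitively, in this order.
	textPairs = Array( _
		"""", "", "=", "=", "'", "''", _
		"Select", "select", "join", "join", "union", "uniOn", "where", "where", _
		"insert", "insert", "Delete", "delete", "Update", "update", "Like", "like", _
		"drop", "drop", "create", "create", "modify", "Modify", "rename", "renaMe", _
		"alter", "alter", "cast", "cast")
	For i = 0 To UBound(textPairs) Step 2
		cleaned = Replace(cleaned, textPairs(i), textPairs(i + 1), 1, -1, vbTextCompare)
	Next

	Temizle = cleaned

End Function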