Text File
|
2006-06-01
|
4KB
|
109 lines
<%
'==================================
'=╬─ ╝■ ├√ú║Ft_sqlin.asp
'=╩╩╙├░µ▒╛ú║FeitecCMS AC V1.3 Free
'=╣ª ─▄ú║SQL╖└╫ó╚δ│╠╨≥
'=╫≈ ╒▀ú║╙Ω│╟[From to FeitecStudio]
'=╨▐ ╕─ú║╙Ω│╟íóHOHOú¿╠φ╝╙╦°╢¿╥╗╕÷IP╓╗╝╙╥╗╠⌡╝╟┬╝╣ª─▄ú⌐
'=╚╒ ╞┌ú║2006-2-19 18:09
'=░µ ╚¿ú║http://www.feitec.com/
'=╝╝╩⌡╠╓┬█ú║6602510íó14040543ú¿╨┬╩╓╚║ú⌐
'==================================
'--------╢¿╥σ▓┐╖▌------------------
' Working variables for the request filter. Ft_Post / Ft_Get hold the current
' field name, Ft_Xh is the index into the denylist. Ft_db and Ft_dbstr are
' declared here but not used anywhere in this listing.
Dim Ft_Post, Ft_Get, Ft_Xh
Dim Ft_In, Ft_Inf
Dim Ft_db, Ft_dbstr
Dim Kill_IP, WriteSql

' Switches read further down the page:
'   WriteSql - gates the branch that records a hit and rejects the request
'   Kill_IP  - gates the lookup that refuses addresses already marked as locked
WriteSql = True
Kill_IP = True

' Substrings to reject, separated by "|". Matching is a plain lower-cased
' substring test, so short tokens such as "and", "(" or "%" also match
' ordinary input.
' NOTE(review): a keyword denylist is only a coarse extra layer; the queries
' that consume these parameters still need to be parameterized.
Ft_In = "'|;|and|(|)|exec|insert|select|delete|update|count|*|%|chr|mid|truncate|char|declare"
Ft_Inf = Split(Ft_In, "|")
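'--------POST section------------------
' Checks every submitted form field against the denylist in Ft_Inf. On the
' first match, and only while WriteSql is True, the hit is recorded in the
' Ft_SqlIn table, a notice is written to the response and the page ends.
'
' Changes from the original block:
'   * the field name, field value and URL echoed back to the client are passed
'     through Server.HTMLEncode; the original wrote them raw, so the rejected
'     value was reflected into the page as markup
'   * the recordset is closed whether or not a new row was added; the original
'     closed it only inside the "no existing row" branch
'
' NOTE(review): rejection lives inside the WriteSql branch, so turning logging
' off also turns blocking off - confirm that is intended.
' NOTE(review): conn is opened elsewhere; rs and sql are not declared in this
' listing.
' The message literals are GB2312 text that this listing shows mis-decoded;
' they are kept byte-for-byte.
If Request.Form <> "" Then
    For Each Ft_Post In Request.Form
        For Ft_Xh = 0 To UBound(Ft_Inf)
            If InStr(LCase(Request.Form(Ft_Post)), Ft_Inf(Ft_Xh)) <> 0 Then
                If WriteSql = True Then
                    ' Look for an existing locked row for this address so that
                    ' at most one such row is kept per IP.
                    ' NOTE(review): the address is concatenated into SQL text;
                    ' it comes from a server variable rather than a request
                    ' parameter, but an ADODB.Command with a parameter would
                    ' remove the concatenation entirely.
                    sql = "select * from Ft_SqlIn where Sqlin_IP='" & Request.ServerVariables("REMOTE_ADDR") & "' and kill_ip=true" '2005-11-21 Updated
                    Set rs = Server.CreateObject("adodb.recordset")
                    rs.Open sql, conn, 1, 3 ' 1 = adOpenKeyset, 3 = adLockOptimistic
                    If rs.EOF Or rs.BOF Then '2005-11-21 Updated
                        rs.AddNew
                        rs("Sqlin_IP") = Request.ServerVariables("REMOTE_ADDR")
                        rs("SqlIn_Web") = Request.ServerVariables("URL")
                        rs("SqlIn_FS") = "POST"
                        rs("SqlIn_CS") = Ft_Post
                        ' NOTE(review): the value is stored through a recordset
                        ' field, not through SQL text, so the quote doubling is
                        ' not needed for safety and changes the stored copy;
                        ' kept so new rows match existing ones.
                        rs("SqlIn_SJ") = Replace(Request.Form(Ft_Post), "'", "''")
                        ' POST hits are recorded without locking the address:
                        ' both branches of the original sqlin_ok test stored False.
                        rs("Kill_ip") = False
                        rs.Update
                    End If
                    rs.Close : Set rs = Nothing

                    ' Notice shown to the client: alert, then IP, time, page,
                    ' method, parameter name and submitted value.
                    Response.Write "<Script Language=JavaScript>alert('╟δ▓╗╥¬╘┌▓╬╩²╓╨░ⁿ║¼╖╟╖¿╫╓╖√│ó╩╘╫ó╚δúí');</Script>"
                    Response.Write "╖╟╖¿▓┘╫≈úí╧╡═│╫÷┴╦╚τ╧┬╝╟┬╝í²<br>"
                    Response.Write "▓┘╫≈ú╔ú╨ú║" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                    Response.Write "▓┘╫≈╩▒╝Σú║" & Now & "<br>"
                    Response.Write "▓┘╫≈╥│├µú║" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                    Response.Write "╠ß╜╗╖╜╩╜ú║ú╨ú╧ú╙ú╘<br>"
                    ' Client-supplied text: encode before writing it into HTML.
                    Response.Write "╠ß╜╗▓╬╩²ú║" & Server.HTMLEncode(Ft_Post) & "<br>"
                    Response.Write "╠ß╜╗╩²╛▌ú║" & Server.HTMLEncode(Request.Form(Ft_Post))
                    Response.End
                End If
            End If
        Next
    Next
End If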
'----------------------------------
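'--------GET section-------------------
' Checks every query-string parameter against the denylist in Ft_Inf. On the
' first match, and only while WriteSql is True, the hit is recorded in the
' Ft_SqlIn table, a notice is written to the response and the page ends.
' Unlike the POST section, a new row is stored with Kill_ip=True (address
' locked) unless sqlin_ok is 2.
'
' Changes from the original block:
'   * the parameter name, parameter value and URL echoed back to the client
'     are passed through Server.HTMLEncode; the original wrote them raw, so
'     the rejected value was reflected into the page as markup
'   * the recordset is closed whether or not a new row was added; the original
'     closed it only inside the "no existing row" branch
'
' NOTE(review): rejection lives inside the WriteSql branch, so turning logging
' off also turns blocking off - confirm that is intended.
' NOTE(review): one substring match on a GET parameter locks the address, and
' tokens such as "and" or "(" occur in ordinary values; an address shared by
' several users is locked for all of them.
' NOTE(review): conn and sqlin_ok are defined elsewhere; rs and sql are not
' declared in this listing.
' The message literals are GB2312 text that this listing shows mis-decoded;
' they are kept byte-for-byte.
If Request.QueryString <> "" Then
    For Each Ft_Get In Request.QueryString
        For Ft_Xh = 0 To UBound(Ft_Inf)
            ' The literal "<br><li>" is stripped from the lower-cased value
            ' before matching. NOTE(review): presumably markup that some page
            ' of the CMS passes in its own links - confirm.
            If InStr(Replace(LCase(Request.QueryString(Ft_Get)), "<br><li>", ""), Ft_Inf(Ft_Xh)) <> 0 Then
                If WriteSql = True Then
                    ' Look for an existing locked row for this address so that
                    ' at most one such row is kept per IP.
                    ' NOTE(review): the address is concatenated into SQL text;
                    ' it comes from a server variable rather than a request
                    ' parameter, but an ADODB.Command with a parameter would
                    ' remove the concatenation entirely.
                    sql = "select * from Ft_SqlIn where Sqlin_IP='" & Request.ServerVariables("REMOTE_ADDR") & "' and kill_ip=true" '2005-11-21 Updated
                    Set rs = Server.CreateObject("adodb.recordset")
                    rs.Open sql, conn, 1, 3 ' 1 = adOpenKeyset, 3 = adLockOptimistic
                    If rs.EOF Or rs.BOF Then '2005-11-21 Updated
                        rs.AddNew
                        rs("Sqlin_IP") = Request.ServerVariables("REMOTE_ADDR")
                        rs("SqlIn_Web") = Request.ServerVariables("URL")
                        rs("SqlIn_FS") = "GET"
                        rs("SqlIn_CS") = Ft_Get
                        ' NOTE(review): the value is stored through a recordset
                        ' field, not through SQL text, so the quote doubling is
                        ' not needed for safety and changes the stored copy;
                        ' kept so new rows match existing ones.
                        rs("SqlIn_SJ") = Replace(Request.QueryString(Ft_Get), "'", "''")
                        If sqlin_ok = 2 Then
                            ' Filtering enabled, IP locking disabled.
                            rs("Kill_ip") = False
                        Else
                            rs("Kill_ip") = True
                        End If
                        rs.Update
                    End If
                    rs.Close : Set rs = Nothing

                    ' Notice shown to the client: alert, then IP, time, page,
                    ' method, parameter name and submitted value.
                    Response.Write "<Script Language=JavaScript>alert('╟δ▓╗╥¬╘┌▓╬╩²╓╨░ⁿ║¼╖╟╖¿╫╓╖√│ó╩╘╫ó╚δúí');</Script>"
                    Response.Write "╖╟╖¿▓┘╫≈úí╧╡═│╫÷┴╦╚τ╧┬╝╟┬╝í²<br>"
                    Response.Write "▓┘╫≈ú╔ú╨ú║" & Request.ServerVariables("REMOTE_ADDR") & "<br>"
                    Response.Write "▓┘╫≈╩▒╝Σú║" & Now & "<br>"
                    Response.Write "▓┘╫≈╥│├µú║" & Server.HTMLEncode(Request.ServerVariables("URL")) & "<br>"
                    Response.Write "╠ß╜╗╖╜╩╜ú║ú╟ú┼ú╘<br>"
                    ' Client-supplied text: encode before writing it into HTML.
                    Response.Write "╠ß╜╗▓╬╩²ú║" & Server.HTMLEncode(Ft_Get) & "<br>"
                    Response.Write "╠ß╜╗╩²╛▌ú║" & Server.HTMLEncode(Request.QueryString(Ft_Get))
                    Response.End
                End If
            End If
        Next
    Next
End If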
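' Lock check: when Kill_IP is on, look the caller's address up in Ft_SqlIn and,
' if a row with kill_ip=true exists, show the "address locked" alert and end
' the response.
'
' Change from the original block: the recordset is closed before Response.End.
' The original called Response.End first, so the close on the last line was
' never reached for a locked address.
'
' NOTE(review): conn, webemail and webname are defined elsewhere. The two site
' values are written into a JavaScript string literal unescaped; presumably
' they are administrator-set configuration - if they can contain quotes or
' markup they need escaping for that context.
' NOTE(review): the lock is keyed on REMOTE_ADDR alone, so every user behind a
' shared address is refused together.
' The message literal is GB2312 text that this listing shows mis-decoded; it
' is kept byte-for-byte.
If Kill_IP = True Then
    Dim cur_IP, rsKill_IP, Kill_IPsql
    cur_IP = Request.ServerVariables("REMOTE_ADDR")
    ' The address comes from a server variable, not from a request parameter;
    ' an ADODB.Command with a parameter would avoid building SQL text here.
    Kill_IPsql = "select Sqlin_IP from Ft_SqlIn where Sqlin_IP='" & cur_IP & "' and kill_ip=true"
    Set rsKill_IP = Server.CreateObject("adodb.recordset")
    rsKill_IP.Open Kill_IPsql, conn, 1, 1 ' 1 = adOpenKeyset, 1 = adLockReadOnly
    If Not (rsKill_IP.EOF Or rsKill_IP.BOF) Then
        ' Release the recordset first: Response.End stops the script here.
        rsKill_IP.Close : Set rsKill_IP = Nothing
        Response.Write "<Script Language=JavaScript>alert('─π╡─Ip╥╤╛¡▒╗▒╛╧╡═│╫╘╢»╦°╢¿úí\n\n╚τ╧δ╖├╬╩▒╛╒╛╟δ║═╣▄└φ╘▒┴¬╧╡úí╣▄└φ╘▒╙╩╧Σú║" & webemail & "\n\n [" & webname & "]');</Script>"
        Response.End
    End If
    rsKill_IP.Close : Set rsKill_IP = Nothing
End If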
%>