After a database has been infected with JS Trojans, many people do not know how to deal with it, or the cleanup is incomplete, so the Trojans still appear when the web page is opened. This article introduces a better solution for your reference.

Step 1 : Make backups of the existing databases.
Step 2 : Execute the following ASP file to remove the JS Trojans in the database. (Note: conn.asp is omitted)
```asp
<!--#include file="conn.asp"-->
<%
'Put the JS Trojan content in the UPDATE below: remember to change it to the JS Trojan content in your own database.
Server.ScriptTimeOut = 180
Set rstSchema = conn.OpenSchema(20)
k = 1
Do Until rstSchema.EOF 'Traverse the database tables
    If rstSchema("TABLE_TYPE") = "TABLE" Then
        Response.Write k & ".<font color=red><b>" & rstSchema("TABLE_NAME") & "</b></font>: " 'Show table name
        Set rs = Server.CreateObject("ADODB.Recordset")
        sql = "select * from [" & rstSchema("TABLE_NAME") & "]"
        rs.Open sql, conn, 1, 3
        For i = 0 To rs.Fields.Count - 1 'Traverse the fields in the table
            If Int(rs(i).Type) = 129 Or Int(rs(i).Type) = 130 Or Int(rs(i).Type) = 200 Or Int(rs(i).Type) = 201 Or Int(rs(i).Type) = 202 Or Int(rs(i).Type) = 203 Then 'Only process character-type fields
                'A single quote inside the Trojan content must be doubled ('') in the SQL string.
                'cast(... as varchar(8000)) truncates longer values, so keep the Step 1 backup.
                conn.Execute("update [" & rstSchema("TABLE_NAME") & "] set " & rs(i).Name & "=replace(cast(" & rs(i).Name & " as varchar(8000)),'Put JS Trojan content here','')")
                Response.Write rs(i).Name & " " & rs(i).Type & " " 'Show the processed field name
            End If
        Next
        rs.Close
        Response.Write "<br>"
    End If
    rstSchema.MoveNext
    k = k + 1
Loop
Response.Write "Executed successfully"
%>
```
If there are many database tables, IIS will stop the script above before the traversal of the database structure has finished. In that case, you can take the line

```asp
If rstSchema("TABLE_TYPE") = "TABLE" Then
```

and add a suitable range of k values to it, such as:

```asp
If rstSchema("TABLE_TYPE") = "TABLE" And k > 10 And k < 20 Then
```

In this way, only 9 tables are processed at a time.
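Before running the Step 2 replacement, it helps to know which columns actually hold injected content and how many rows are affected. The following read-only dry run is an added example, not code from the original article; it assumes SQL Server 2005 or later (the Step 2 script already uses SQL Server's `cast ... as varchar(8000)`), covers the same character column types as the ADO type codes 129, 130 and 200-203, and uses the `<script` and `http://` markers described in Step 3.

```sql
-- Added example: read-only scan, changes no data.
-- Lists every character column that contains "<script" followed by "http://".
DECLARE @sch sysname, @tbl sysname, @col sysname;
DECLARE @sql nvarchar(max), @hits int;

DECLARE col_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA
     AND t.TABLE_NAME   = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('char', 'nchar', 'varchar', 'nvarchar', 'text', 'ntext');

OPEN col_cur;
FETCH NEXT FROM col_cur INTO @sch, @tbl, @col;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME brackets the identifiers, so unusual table or column names
    -- cannot break the generated statement.
    SET @sql = N'SELECT @n = COUNT(*) FROM ' + QUOTENAME(@sch) + N'.' + QUOTENAME(@tbl)
             + N' WHERE ' + QUOTENAME(@col) + N' LIKE ''%<script%http://%''';

    EXEC sp_executesql @sql, N'@n int OUTPUT', @n = @hits OUTPUT;

    IF @hits > 0
        PRINT QUOTENAME(@sch) + N'.' + QUOTENAME(@tbl) + N'.' + QUOTENAME(@col)
            + N': ' + CAST(@hits AS nvarchar(12)) + N' row(s) contain a script tag with an external link';

    FETCH NEXT FROM col_cur INTO @sch, @tbl, @col;
END

CLOSE col_cur;
DEALLOCATE col_cur;
```

Matching is case-insensitive only under a case-insensitive collation. Running the same scan again after Step 2 shows whether any column was missed, for example because the batch ranges of k skipped a table.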
Step 3 :
JS injected into a database has recognizable characteristics (it includes character sequences such as <script, </script> and http://).
Based on these, put the following code in conn.asp:
```asp
Function Check_Sqljs()
    'Prevents external-link JS injection into the database: True means external-link JS injection was found.
    Dim F_Post, F_Get, v
    Check_Sqljs = False
    If Request.Form <> "" Then 'Detection on Form submission
        For Each F_Post In Request.Form
            v = LCase(Request.Form(F_Post))
            If (InStr(v, "<script") <> 0 Or InStr(v, "</script>") <> 0) And InStr(v, "http://") <> 0 Then
                Check_Sqljs = True
                Exit For
            End If
        Next
    End If
    If Request.QueryString <> "" Then 'Detection on QueryString submission
        For Each F_Get In Request.QueryString
            v = LCase(Request.QueryString(F_Get))
            If (InStr(v, "<script") <> 0 Or InStr(v, "</script>") <> 0) And InStr(v, "http://") <> 0 Then
                Check_Sqljs = True
                Exit For
            End If
        Next
    End If
End Function

Function CheckDataFrom()
    'Check the source of submitted data: True means it was submitted from outside the site.
    'Only form posts are checked, because a normal first visit carries no Referer.
    'The Referer header is supplied by the client, so this is a coarse filter only.
    Dim server_v1, server_v2
    CheckDataFrom = False
    If Request.Form <> "" Then
        server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
        server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
        'Position 8 skips "http://"; an https:// Referer would start at position 9.
        If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
            CheckDataFrom = True
        End If
    End If
End Function

If Check_Sqljs Or CheckDataFrom Then
    Response.Write "<Script Language=JavaScript>alert('Execution is prohibited, illegal operation.');</Script>"
    Response.End()
End If
```