%
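' Admin console bootstrap: opens the log database, authenticates the
' operator against a single shared password, then dispatches on "Action".
Server.ScriptTimeout = 500

' SECURITY: the admin password is hard-coded in plaintext and ships with a
' well-known default. Change it before deployment; anyone who can read this
' file (backup copies, source disclosure) learns the credential.
UserPass = "neeao" ' admin password - replace "neeao" with your own password!
URL = Request.ServerVariables("URL")
' Request("Action") merges query-string and form values, so every action
' below (including Del/lock/unlock/saveconfig) is reachable through a GET.
' NOTE(review): no anti-CSRF token is checked anywhere in this file.
Action = Request("Action")

' SECURITY: Server.MapPath resolves this relative to the script, i.e. inside
' the web-served tree. Move the .mdb outside the web root or make sure the
' server refuses to serve it; otherwise the whole log/config is downloadable.
db = "SqlIn.mdb" ' path of the log database - change to your own database path
Dim conn, connstr

' Trap errors only while connecting. Without an active "On Error Resume Next"
' the "If Err" branch below can never run and a failed open surfaces as a raw
' provider error instead of the generic message.
On Error Resume Next
Set conn = Server.CreateObject("ADODB.Connection")
connstr = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & Server.MapPath(db)
conn.Open connstr
If Err.Number <> 0 Then
	Err.Clear
	Set conn = Nothing
	Response.Write "数据库连接出错,请检查连接字串。"
	Response.End
End If
' Restore normal error propagation so later failures are not silently skipped.
On Error GoTo 0

' Authentication gate. The session stores the password itself as the
' "logged in" marker, so a session is valid only while it matches UserPass.
' NOTE(review): there is no attempt limit or delay on failed logins.
If Session("AdminPassWord") <> UserPass Then
	If Request.Form("LPass") <> "" Then
		If Request.Form("LPass") = UserPass Then
			Session("AdminPassWord") = UserPass
			Call Main()
		Else
			response.write"验证失败!"
		End If
	Else
		Call Login()
	End If
	' Unauthenticated requests never reach the action dispatcher.
	Response.End
Else
	' Authenticated: route to the requested admin action.
	Select Case Action
		Case "Del"
			Call Delip()
		Case "lock"
			Call lockIP()
		Case "unlock"
			Call UnLockip()
		Case "Logout"
			Call Logout()
		Case "config"
			Call config()
		Case "saveconfig"
			Call saveconfig()
		Case Else
			Call Main()
	End Select
End If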
' Emits the static template between the %> and <% delimiters below.
' NOTE(review): presumably this is the login form that posts the "LPass"
' field checked by the authentication gate; the markup is not present in
' this copy, so confirm the form uses POST.
Sub Login()
%>
Sql通用防注入系统3.1最终纪念版
<%
End Sub
Sub Main()
' Renders the log list: page header, a paged view of the SqlIn table
' (20 rows per page, highest id first), then the page footer.
Call header()
%>
<%
' Load every logged record, newest id first.
sql="select * from SqlIn order by id desc"
set rs=server.createobject("adodb.recordset")
' 1,1 = keyset cursor with a read-only lock; a keyset cursor is what makes
' recordcount / pagecount usable below.
rs.open sql,conn,1,1
if rs.eof and rs.bof then
response.write "暂无内容"
else
'Pagination
listnum=20
Rs.pagesize=listnum
' "page" is taken straight from the request (query string or form).
' NOTE(review): a non-numeric value makes the arithmetic below raise a
' type-mismatch error; consider validating it as a positive integer first.
page=Request("page")
' Clamp to the last page when too large, to page 1 when empty or below 1.
if (page-Rs.pagecount) > 0 then
page=rs.pagecount
elseif page = "" or page < 1 then
page = 1
end if
rs.absolutepage=page
'Row numbering
' j = total rows minus the rows on earlier pages; presumably the display
' number of the first row on this page - the code that uses it is not visible.
j=rs.recordcount
j=j-(page-1)*listnum
i=0
' n = zero-based offset of this page, recomputed from the raw request value
' (not from the clamped "page" above).
nn=request("page")
if nn="" then
n=0
else
nn=nn-1
n=listnum*nn
end if%>
编号 |
操作IP |
是否锁定 |
操作 |
操作页面 |
操作时间 |
提交方式 |
提交参数 |
提交数据 |
<%do while not rs.eof and i
<%
' NOTE(review): the row loop above is cut off in this copy (no loop bound,
' no "loop", no closing of the if/else or the recordset). The rows hold
' attacker-submitted request data, so whatever renders them must pass each
' field through Server.HTMLEncode before writing it into the page.
Call footer()
end Sub
sub config()
	' Shows the configuration page: reads the first row of the "config"
	' table into the variables used by the template, then emits the
	' template between the %> and <% delimiters followed by the footer.
	' NOTE(review): when these values are written into form fields they
	' should go through Server.HTMLEncode; the template is not visible here.
	Dim configSql
	Call header()
	configSql = "select * from config"
	Set rsinfo = conn.execute(configSql)
	With rsinfo
		N_In = .Fields("N_In").Value
		Kill_IP = .Fields("Kill_IP").Value
		WriteSql = .Fields("WriteSql").Value
		alert_url = .Fields("alert_url").Value
		alert_info = .Fields("alert_info").Value
		kill_info = .Fields("kill_info").Value
		N_type = .Fields("N_type").Value
		Sec_Forms = .Fields("Sec_Forms").Value
		Sec_Form_open = .Fields("Sec_Form_open").Value
	End With
	' Release the recordset before any template output is produced.
	rsinfo.close
	Set rsinfo = Nothing
%>
<%
	Call footer()
end Sub
' Emits the static page-header template between the %> and <% delimiters.
' Called at the top of Main() and config().
Sub header()
%>
Sql通用防注入系统3.1最终纪念版-By Neeao (Bug.Center.Team-漏洞预警中心小组)
<%
End Sub
' Emits the static page-footer template between the %> and <% delimiters
' (empty in this copy). Called at the end of Main() and config().
sub footer()
%>
<%
end Sub
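Sub Delip()
	' Deletes the SqlIn log rows whose ids were posted in the "id" form
	' field, then redirects back to this page.
	'
	' The field is a comma-separated list (multiple checkboxes arrive as
	' "1, 2, 3"). It used to be concatenated into the statement unchanged,
	' which let the request body rewrite the DELETE. Each element is now
	' required to be a short run of decimal digits and is re-emitted through
	' CLng, so only integer literals can reach the SQL text.
	Dim id, idPattern, parts, k, token, safeList
	id = Request.Form("id") & ""

	Set idPattern = New RegExp
	' At most 9 digits keeps every accepted value inside the CLng range.
	idPattern.Pattern = "^\d{1,9}$"

	safeList = ""
	parts = Split(id, ",")
	For k = 0 To UBound(parts)
		token = Trim(parts(k))
		If idPattern.Test(token) Then
			If safeList <> "" Then safeList = safeList & ","
			safeList = safeList & CLng(token)
		End If
	Next

	' Nothing valid selected: skip the statement rather than run "in ()".
	If safeList <> "" Then
		conn.execute("delete from SqlIn where id in (" & safeList & ")")
	End If
	Response.Redirect URL
End Sub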
Sub Lockip()
	' Marks one log row as locked (Kill_ip = true) and returns to the list.
	' CLng forces the id to an integer before it is placed in the SQL text;
	' a non-numeric id raises a runtime error instead of reaching the query.
	' NOTE(review): Request("id") also accepts the query string, so this
	' state change can be triggered by a plain GET.
	Dim recordId, lockSql
	recordId = CLng(Request("id"))
	lockSql = "update SqlIn set Kill_ip=true where id=" & recordId
	conn.execute(lockSql)
	Response.Redirect URL
End Sub
Sub UnLockip()
	' Clears the lock flag (Kill_ip = False) on one log row and returns to
	' the list. CLng forces the id to an integer before it is placed in the
	' SQL text; a non-numeric id raises a runtime error.
	' NOTE(review): Request("id") also accepts the query string, so this
	' state change can be triggered by a plain GET.
	Dim recordId, unlockSql
	recordId = CLng(Request("id"))
	unlockSql = "update SqlIn set Kill_ip=False where id=" & recordId
	conn.execute(unlockSql)
	Response.Redirect URL
End Sub
Sub Logout()
	' Ends the admin login by overwriting the session marker with a sentinel
	' string, so the comparison against UserPass in the authentication gate
	' fails on the next request; then redirects back to this page.
	' NOTE(review): the session itself stays alive; only this key changes.
	Session.Contents("AdminPassWord") = "NUll"
	Response.Redirect URL
End Sub
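Sub saveconfig
	' Writes the posted configuration form into the "config" table, drops
	' the cached configuration from Application state, and re-renders the
	' main page.
	'
	' Previously only N_In had its quotes doubled; every other field went
	' into the UPDATE text as posted, so any of them could alter the
	' statement. Now:
	'   - quoted (text) fields have single quotes doubled, which is the
	'     string-literal escape for Jet SQL;
	'   - unquoted fields must be a short integer or true/false, otherwise
	'     nothing is written.
	' NOTE(review): a parameterized ADODB.Command would be the stronger fix;
	' it needs the column types of "config", which are not visible here.
	Dim N_In, Kill_IP, WriteSql, alert_url, alert_info, kill_info
	Dim N_type, Sec_Forms, Sec_Form_open
	Dim scalarPattern, sql

	' Text columns (quoted in the statement).
	N_In = Replace(Request.Form("N_In") & "", "'", "''")
	alert_url = Replace(Request.Form("alert_url") & "", "'", "''")
	alert_info = Replace(Request.Form("alert_info") & "", "'", "''")
	kill_info = Replace(Request.Form("kill_info") & "", "'", "''")
	Sec_Forms = Replace(Request.Form("Sec_Forms") & "", "'", "''")

	' Numeric / boolean columns (unquoted in the statement).
	Kill_IP = Trim(Request.Form("Kill_IP") & "")
	WriteSql = Trim(Request.Form("WriteSql") & "")
	N_type = Trim(Request.Form("N_type") & "")
	Sec_Form_open = Trim(Request.Form("Sec_Form_open") & "")

	Set scalarPattern = New RegExp
	scalarPattern.IgnoreCase = True
	scalarPattern.Pattern = "^(-?\d{1,9}|true|false)$"

	If Not (scalarPattern.Test(Kill_IP) And scalarPattern.Test(WriteSql) _
		And scalarPattern.Test(N_type) And scalarPattern.Test(Sec_Form_open)) Then
		' Reject the whole save rather than write a partially trusted row.
		Response.Write "参数无效,配置未保存。"
		Call main()
		Exit Sub
	End If

	sql = "update config set N_In='" & N_In & "',Kill_IP=" & Kill_IP & _
		",WriteSql=" & WriteSql & ",alert_url='" & alert_url & _
		"',alert_info='" & alert_info & "',kill_info='" & kill_info & _
		"',N_type=" & N_type & ",Sec_Forms='" & Sec_Forms & _
		"',Sec_Form_open=" & Sec_Form_open
	conn.execute(sql)

	' Invalidate the cached configuration so it is reloaded from the table.
	Application.Lock
	Set Application("Neeao_config_info") = Nothing
	Application.Unlock
	Call main()
End Sub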
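Function N_Replace(N_urlString)
	' Prepares a request value for storage: doubles single quotes (Jet SQL
	' string-literal escape) and turns angle brackets into HTML entities so
	' the value cannot open a tag when it is later shown in the log view.
	'
	' The angle-bracket replacements mapped each character to itself, which
	' is a no-op; they now map to &gt; and &lt;.
	' NOTE(review): "&" and double quotes are still passed through, and SQL
	' and HTML escaping are mixed in one helper. Prefer Server.HTMLEncode at
	' output time and parameterized statements at write time.
	' The argument is modified in place (VBScript passes ByRef by default),
	' as before.
	N_urlString = Replace(N_urlString, "'", "''")
	N_urlString = Replace(N_urlString, ">", "&gt;")
	N_urlString = Replace(N_urlString, "<", "&lt;")
	N_Replace = N_urlString
End Function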
%>