A SQL universal anti-injection script


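<%
'// SQL-injection input check for the "ID" request parameter (classic ASP / VBScript).
'//
'// The accept/reject decision is the IsNumeric test further down. The keyword
'// list below only labels WHY a rejected value looked suspicious. It is not a
'// defence on its own: a substring blacklist misses every spelling or encoding
'// it does not list and also flags harmless text. Queries that use ID should
'// still bind it as a typed parameter (for example ADODB.Command parameters)
'// rather than concatenating it into SQL text.
'//
'// The published listing had string literals split across lines and several
'// unbalanced quotes/parentheses; they are rejoined here with the wording kept.

'// = - = - = - = - Injection signatures: start = - = - = - = -
'// Index 0 is unused; entries 1..19 are substrings, entry 20 is the fallback slot.
Dim INJ(20)
INJ(1) = "'"
INJ(2) = ";"
INJ(3) = "0x"
INJ(4) = "exec"
'// NOTE(review): the matching message talks about SQL comments, so this entry
'// was presumably "--" before the page was reformatted - confirm.
INJ(5) = "-"
INJ(6) = "declare"
INJ(7) = "Database"
INJ(8) = "SELECT"
INJ(9) = "Union"
INJ(10) = "Update"
INJ(11) = "insert"
INJ(12) = "delete"
INJ(13) = "CREATE"
INJ(14) = "Table"
INJ(15) = "AND"
INJ(16) = "OR"
'// NOTE(review): the inner spaces in the next two entries look like formatting
'// artefacts ("1=" / "0<>"); kept as published - confirm.
INJ(17) = "1 ="
INJ(18) = "0 <>"
INJ(19) = "Where"
INJ(20) = ""
'// = - = - = - = - Injection signatures: end = - = - = - = -

'// = - = - = - = - Explanation per signature: start = - = - = - = -
'// Named InjReason instead of Err: Err is VBScript's built-in error object, and
'// reusing that name would interfere with error handling elsewhere in the page.
Dim InjReason(20)
InjReason(1) = "trying to make SQL unclosed quotation mark, an error"
InjReason(2) = "attempt to interrupt the SQL command, tried to perform another piece of code"
InjReason(3) = "trying to use HEX (16 hex) Code injection"
InjReason(4) = "trying to execute SQL extended stored"
InjReason(5) = "tried to comment out some SQL commands"
InjReason(6) = "attempts to define data"
InjReason(7) = "attempted to perform database-related operations"
InjReason(8) = "Attempting to query the database"
InjReason(9) = "simultaneous attempt to use SQL query"
InjReason(10) = "attempts to modify the database data"
InjReason(11) = "attempt to insert data into the database"
InjReason(12) = "trying to delete data from the database."
InjReason(13) = "trying to establish a table or database"
InjReason(14) = "attempts to operating table"
InjReason(15) = "Attempts to establish additional conditions"
InjReason(16) = "Try to bypass existing conditions"
InjReason(17) = "attempted to test the SQL injection vulnerability or format conversion to generate an error"
InjReason(18) = "attempt to the database injection"
InjReason(19) = "try to customize the conditions"
InjReason(20) = "Unknown"
'// = - = - = - = - Explanation per signature: end = - = - = - = -

Dim injMatched

'// Request("ID") searches QueryString, Form, Cookies, ClientCertificate and
'// ServerVariables in that order. Code that uses the value afterwards must read
'// it the same way, otherwise it may see a different value than the one checked.
ID = Trim(Request("ID"))

If ID <> "" Then

    If Not IsNumeric(ID) Then
        '// Rejected: the value is not numeric. Everything written to the page is
        '// HTML-encoded so request-derived text cannot become markup.
        '// Reporting the matched rule back to the sender also tells them what
        '// the filter looks for; in production prefer a generic message and
        '// record the detail server-side.
        Response.Write " From " & Server.HTMLEncode(Request.ServerVariables("REMOTE_ADDR")) & _
            ", Hello, you! The operation you just is considered harmful to operate, the purpose of operation is: <br>"

        injMatched = False
        For i = 1 To 19
            '// vbTextCompare: the published code compared case-sensitively, so
            '// "select" never matched the "SELECT" entry.
            If InStr(1, ID, INJ(i), vbTextCompare) > 0 Then
                Response.Write i & "." & InjReason(i) & "<br>"
                injMatched = True
            End If
        Next

        '// Entry 20 is an empty string, which InStr reports as found in any
        '// value; treat it as the fallback shown only when nothing else matched.
        If Not injMatched Then
            Response.Write "20." & InjReason(20) & "<br>"
        End If

        Response.Write " Please behave!"

        '// Stop here so that code placed after this check never runs with the
        '// rejected value.
        Response.End
    Else
        '// IsNumeric also accepts decimals and exponent notation. Before using
        '// ID as an integer key, convert it (e.g. CLng, handling the overflow
        '// error) and pass the converted value on, not the raw string.
        Response.Write " Your input id =" & Server.HTMLEncode(ID) & "as a number. Enter the correct!"
    End If

Else

    Response.Write " id you entered is empty. Please re-enter."

End If

%>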
