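Function SQLInjection(str)
    ' Scrubs a request value before it is concatenated into a SQL string and
    ' then HTML-neutralises the result through removeXSS.
    '
    ' Argument:  str - the raw request value (String).
    ' Returns:   removeXSS(scrubbed str), where every blacklisted token below
    '            has been replaced by a single space.
    '
    ' Blacklist scrubbing is a weak control: it is easily bypassed, and it also
    ' corrupts legitimate values that merely contain "or", "and" or "set"
    ' (e.g. "Morgan" becomes "M gan"). Build the query with ADODB.Command
    ' parameters instead and treat this function as defence in depth only.
    '
    ' Changes from the original listing:
    '   - every Replace now uses vbTextCompare, so "Select"/"SeLeCt" are caught
    '     as well as "select"/"SELECT" (the original compared case-sensitively
    '     and only covered the two spellings it listed);
    '   - the typo "decare" is corrected to "declare";
    '   - the duplicated second pass is dropped: because every replacement
    '     inserts a space and no token contains a space, the second pass could
    '     never match anything the first pass had not already replaced.
    Dim resultStr, token, tokens

    ' Token order is kept from the original listing. "@variable" and
    ' "@@variable" match only that literal text (not arbitrary @-variables), and
    ' "@@variable" can never match once "@variable" has already been replaced.
    tokens = Array( _
        ";", "@variable", "@@variable", "+", "print", "set", "%", _
        "<script>", "script", "or", "union", "and", "insert", "openrowset", _
        "xp_", "declare", "select", "update", "delete", "shutdown", "drop", _
        "--", "/*", "*/")

    resultStr = str
    For Each token In tokens
        ' 1, -1, vbTextCompare: start at the first character, replace all
        ' occurrences, compare case-insensitively.
        resultStr = Replace(resultStr, token, " ", 1, -1, vbTextCompare)
    Next

    SQLInjection = removeXSS(resultStr)
End Function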
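Function removeXSS(str)
    ' HTML-neutralises a value for output in a page: "&", "<" and ">" are
    ' entity-encoded, and a list of tag/attribute names is first prefixed with
    ' "<x-" so that after encoding they read as "&lt;x-script" and so on.
    '
    ' Argument:  str - the value to encode (String).
    ' Returns:   the encoded string.
    '
    ' The entity encoding of "<" and ">" is the control that actually stops
    ' markup from being interpreted; the token rewriting is the original
    ' listing's extra layer and also mangles harmless words ("document",
    ' "frame", "alert"). Apply this at output time, never to data being stored.
    '
    ' Changes from the original listing:
    '   - the duplicated "Function removeXSS(str)" header line (a syntax error)
    '     and the repeated second pass are removed; the second pass was not a
    '     no-op here, because "<x-script" itself contains "script" and would be
    '     rewritten again on every pass;
    '   - the "&" / "<" / ">" replacements were no-ops in the listing (the
    '     entities were presumably lost when the page was rendered); they now
    '     emit "&amp;", "&lt;" and "&gt;";
    '   - typos corrected: "<x-xmo" -> "<x-xmp", "grameset" -> "frameset",
    '     "enerror" -> "onerror" (so onerror= handlers are actually covered).
    Dim resultVal, token, tokens

    ' Token order is kept from the original listing.
    tokens = Array( _
        "javascript", "script", "iframe", "document", "vbscript", "applet", _
        "embed", "object", "frame", "frameset", "layer", "bgsound", "alert", _
        "onblur", "onchange", "onclick", "ondblclick", "onerror", "onfocus", _
        "onload", "onmouse", "onscroll", "onsubmit", "onunload")

    ' "&" first, so the entities produced below are not double-encoded.
    resultVal = Replace(str, "&", "&amp;")

    ' Token rewriting, case-insensitive (1, -1, vbTextCompare) as in the
    ' original; the replacement text is always the lower-case token.
    resultVal = Replace(resultVal, "<xmp", "<x-xmp", 1, -1, vbTextCompare)
    For Each token In tokens
        resultVal = Replace(resultVal, token, "<x-" & token, 1, -1, vbTextCompare)
    Next

    ' Angle brackets last, so the "<x-" prefixes inserted above are encoded too.
    resultVal = Replace(resultVal, "<", "&lt;")
    resultVal = Replace(resultVal, ">", "&gt;")

    removeXSS = resultVal
End Function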
출처 : https://blog.minov.co.kr/entry/ASP-SQL-Injection-XSS-Cross-%EB%B0%A9%EC%A7%80-%EC%BD%94%EB%93%9C