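' Sends the "hacking attempt" notification mail used by cleanchars.
'   str       - the raw request value that triggered the report
'   offending - the character(s) that failed the whitelist, or "" when the
'               trigger was a keyword match
' Reads AdminEmail and BrianEmail from the enclosing page. The mail body
' carries the raw value, so whoever reads it sees untrusted content as-is.
Sub cleanchars_notify(str, offending)
    Dim Mailer, msg
    Set Mailer = Server.CreateObject("CDO.Message")
    Mailer.From = AdminEmail
    Mailer.To = BrianEmail
    Mailer.Subject = "NoPork.com Hacking Attempt"
    msg = Date & VbCrLf & VbCrLf
    msg = msg & "Hacking Blocked, but check the data" & VbCrLf & VbCrLf
    msg = msg & "STR: " & str & " char " & offending & VbCrLf & VbCrLf
    msg = msg & "Here is the IP " & Request.ServerVariables("REMOTE_ADDR") & VbCrLf & VbCrLf
    msg = msg & "Web Page " & Request.ServerVariables("URL") & VbCrLf & VbCrLf
    msg = msg & "Host " & Request.ServerVariables("HOST") & VbCrLf & VbCrLf
    msg = msg & "Length of String " & len(str) & vbcrlf & vbcrlf
    Mailer.TextBody = msg
    Mailer.Send
    Set Mailer = nothing
End Sub

' Cleans a request value before it is used in the page's data access.
' Typical call:  fname = cleanchars(trim(Request("xxxxx")))
'
' Returns a LOWER-CASED copy of str that contains only the characters listed
' in the Select Case below, with a fixed set of SQL/script fragments removed.
' Side effects:
'   - mails the admin once per call (not once per rejected character, which
'     let a single long request send hundreds of mails) when a character is
'     rejected or "declare" appears in any letter case
'   - a single quote anywhere empties the value before any other check
'   - Response.Redirect is issued when the value is over 350 characters or
'     contains "declare" or "www"; in classic ASP the redirect ends the
'     response, so the caller never receives a return value in those cases
' NOTE(review): stripping substrings is not a reliable injection defence on
' its own - removing one token can join neighbouring text into another, and
' the fragment list is not exhaustive. Treat this as defence in depth and use
' ADODB.Command parameters for the query itself.
Function cleanchars(str)
    Dim newstr, ii, char, rejected
    newstr = ""
    rejected = ""

    ' A quote empties the whole value; nothing below sees the original.
    if InStr(str, "'") > 0 then
        str = ""
    end if

    ' vbTextCompare so "Declare"/"declare" are reported exactly like "DECLARE"
    ' (the binary-compare check only caught the upper-case spelling, while a
    ' later lower-case check redirected without reporting). Redirect ends the
    ' response, so the checks below only run when no keyword was found.
    if InStr(1, str, "DECLARE", vbTextCompare) > 0 then
        newstr = ""
        cleanchars_notify str, ""
        Response.Redirect("http://www.google.com/")
    end if

    ' Character whitelist: only these survive into newstr. Everything else is
    ' collected so one report covers the whole value.
    For ii = 1 to Len(str)
        char = Mid(str, ii, 1)
        Select Case char
            case " ", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", _
                 "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", _
                 "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", _
                 "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", _
                 "3", "4", "5", "6", "7", "8", "9", "@", ".", "-", "_", "/", "&"
                newstr = newstr & char
            Case Else
                rejected = rejected & char
        End Select
    Next
    if Len(rejected) > 0 then
        cleanchars_notify str, rejected
    end if

    if len(str) > 350 then
        newstr = ""
        Response.Redirect("http://www.nopork.com/")
    end if
    if instr(str, "www") > 0 then
        Response.Redirect("http://www.nopork.com/")
    end if

    ' Fragment removal. Lower-casing once up front is equivalent to the
    ' original's lcase() on every step; the order of the Replace calls is kept
    ' because each removal changes what the next one can match (the second
    ' "set" is therefore not redundant). Patterns that could never occur in a
    ' whitelisted string (%xx escapes, quotes, angle brackets) are not listed.
    newstr = LCase(newstr)
    newstr = Replace(newstr, " or ", "")
    newstr = Replace(newstr, " and ", "")
    newstr = Replace(newstr, " from ", "")
    newstr = Replace(newstr, " into ", "")
    newstr = Replace(newstr, "insert", "")
    newstr = Replace(newstr, "update", "")
    newstr = Replace(newstr, "set", "")
    newstr = Replace(newstr, "where", "")
    newstr = Replace(newstr, "drop", "")
    newstr = Replace(newstr, "values", "")
    newstr = Replace(newstr, "null", "")
    newstr = Replace(newstr, "http", "")
    newstr = Replace(newstr, "js", "")
    newstr = Replace(newstr, "declare", "")
    newstr = Replace(newstr, "script", "")
    newstr = Replace(newstr, "xp_", "")
    ' Was "CRLF": an upper-case pattern can never match the lower-cased string.
    newstr = Replace(newstr, "crlf", "")
    newstr = Replace(newstr, "&", "")
    newstr = Replace(newstr, "exec", "")
    newstr = Replace(newstr, "onvarchar", "")
    newstr = Replace(newstr, "set", "")
    newstr = Replace(newstr, " cast ", "")
    newstr = Replace(newstr, "00100111", "")
    newstr = Replace(newstr, "00100010", "")
    newstr = Replace(newstr, "00111100", "")
    newstr = Replace(newstr, "select", "")
    newstr = Replace(newstr, "0x", "")
    newstr = Replace(newstr, "exe", "")
    newstr = Replace(newstr, "delete", "")
    newstr = Replace(newstr, "go ", "")
    newstr = Replace(newstr, "create", "")
    newstr = Replace(newstr, "convert", "")

    cleanchars = newstr
End Function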