访问/ ASP黑客插入 [英] Access / ASP hacked insert

问题描述

我有一个带有Access2000数据库的小型ASP网站。

似乎有人通过输入URL

和
找到了它并将INSERTS记录放入表中
不是通过网页/表格。

我知道这一点因为我有一些vbscript提示所有字段必须是

填写。

这些INSERTed记录包含MIME的错误匹配..

内容等

有没有办法防止这种情况发生？我想，也许是商店程序或

功能？

谢谢

Gord

-

通过 http://www.accessmonster.com 发布消息

I have a small ASP website with an Access2000 database.
Seems someone has found it and INSERTS records into a table by typing the URL
and
not via web page/form.
I know this as I have some vbscript that prompts that all fields must be
filled in.
These INSERTed records have a miss match of characters including MIME ..
CONTENT etc.
Is there a way I prevent this? I'',m thinking maybe a store procedure or a
function?
Thanks
Gord
--
Message posted via http://www.accessmonster.com

推荐答案

2005年9月23日星期五19:48:22 GMT，Gord D via AccessMonster.com < FO *** @ AccessMonster.com>写道：

On Fri, 23 Sep 2005 19:48:22 GMT, "Gord D via AccessMonster.com" <fo***@AccessMonster.com> wrote:

我有一个带有Access2000数据库的小型ASP网站。
似乎有人通过输入URL找到它并将INSERTS记录到表中
和<不是通过网页/表格。
我知道这一点，因为我有一些vbscript，提示所有字段必须填写。
这些INSERTed记录的字符不匹配，包括MIME ..
内容等
有没有办法防止这种情况发生？我想，也许是商店程序或
功能？
感谢
Gord

I have a small ASP website with an Access2000 database.
Seems someone has found it and INSERTS records into a table by typing the URL
and
not via web page/form.
I know this as I have some vbscript that prompts that all fields must be
filled in.
These INSERTed records have a miss match of characters including MIME ..
CONTENT etc.
Is there a way I prevent this? I'',m thinking maybe a store procedure or a
function?
Thanks
Gord

使用Post方法？

检查引用者？ （防止人们使用虚假形式）

Use Post method?
Check the referer? (to prevent people using phony forms)

Gord D通过AccessMonster.com写道：

Gord D via AccessMonster.com wrote:

我有一个带有Access2000数据库的小型ASP网站。
似乎有人通过键入URL
和
而不是通过网页/表单找到它和INSERTS记录到表中。
我知道这是因为我有一些vbscript提示所有字段都必须填写。
这些INSERTed记录包含MIME的错误匹配。
CONTENT等
有没有办法防止这种情况发生？我想，可能是商店程序或
功能？

I have a small ASP website with an Access2000 database.
Seems someone has found it and INSERTS records into a table by typing the URL
and
not via web page/form.
I know this as I have some vbscript that prompts that all fields must be
filled in.
These INSERTed records have a miss match of characters including MIME ..
CONTENT etc.
Is there a way I prevent this? I'',m thinking maybe a store procedure or a
function?

验证服务器端的所有内容。不管怎样，这有点疯狂。

Validate everything on the server side. It''s mildly insane not to.

礼貌的人写道：

我有一个小的ASP网站使用Access2000数据库。
似乎有人通过输入URL找到它和INSERTS记录到表中

I have a small ASP website with an Access2000 database.
Seems someone has found it and INSERTS records into a table by typing the URL

[引用文本剪辑 - 8行]

[quoted text clipped - 8 lines]

谢谢
Gord

Thanks
Gord

使用Post方法？
检查referer？ （以防止人们使用虚假形式）

Use Post method?
Check the referer? (to prevent people using phony forms)

是的，我发帖...嗯我将不得不看看我能弄明白你的意思

Referer。我假设

1.asp是表单页面2.asp是SQL INSERT页面。

所以在页面2.asp如果Referer在1.asp那么INSERT无效....嗯

谢谢我会调查。

-

留言通过 http://www.accessmonster.com

这篇关于访问/ ASP黑客插入的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！