[devtalk] SQL injection attack help
Portman
mrport at roadrunner.com
Wed Nov 11 21:12:45 GMT 2009
Here is my code:
' Test email for characters that signal malicious content
strEmail = Request.Form("email")
Dim MailTest

' Reject input containing "<"
MailTest = InStr(strEmail, "<")
If MailTest <> 0 Then
    Response.Redirect "../index.asp"
End If

' Reject input containing a single quote
MailTest = InStr(strEmail, "'")
If MailTest <> 0 Then
    Response.Redirect "../index.asp"
End If

' Reject input containing ">"
MailTest = InStr(strEmail, ">")
If MailTest <> 0 Then
    Response.Redirect "../index.asp"
End If

' Regular expression for angle brackets (configured here, then released)
Dim RegEx
Set RegEx = New RegExp
RegEx.Pattern = "<|>|<|>"
RegEx.Global = True
RegEx.IgnoreCase = True
Set RegEx = Nothing
The code that I have found to be inserted most commonly is a <script>
tag with a URL in it. Don't know how much of it I can post without it
being stopped by spam filters, etc. Is this what you meant?
Riva
Robert Hoenig wrote:
> Is there any way to send in a parameter list that might be inserted?
>
> Post your code again.
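
The filter in this message rejects three characters. The usual complement on the database side is to bind the form value as a parameter, so it is never parsed as SQL, and to encode it when it is written back to a page. The following is an added example, not code from the original post; the connection string in Application("ConnString"), the table Subscribers and the column Email are assumed names.

```vbscript
' Added example. Assumed names: Application("ConnString"), Subscribers, Email.
' ADO constants (values as defined in adovbs.inc)
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1
Const adExecuteNoRecords = 128

Function IsPlausibleEmail(ByVal s)
    ' Allow-list: accept only the characters an address needs, reject the rest.
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    re.IgnoreCase = True
    IsPlausibleEmail = (Len(s) <= 254) And re.Test(s)
    Set re = Nothing
End Function

Sub SaveEmail(ByVal email)
    Dim conn, cmd
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open Application("ConnString")   ' assumed: set when the application starts
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandType = adCmdText
    ' The ? placeholder is bound below; the value is never spliced into the SQL text.
    cmd.CommandText = "INSERT INTO Subscribers (Email) VALUES (?)"
    cmd.Parameters.Append cmd.CreateParameter("email", adVarChar, adParamInput, 254, email)
    cmd.Execute , , adExecuteNoRecords
    conn.Close
    Set cmd = Nothing
    Set conn = Nothing
End Sub

Dim strEmail
strEmail = Trim(Request.Form("email"))
If Not IsPlausibleEmail(strEmail) Then
    Response.Redirect "../index.asp"
End If
SaveEmail strEmail
' Encode on output so stored markup such as a <script> tag renders as text.
Response.Write Server.HTMLEncode(strEmail)
```

Every other query on the site that takes request input needs the same binding; one concatenated query elsewhere leaves the database writable by the same route.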