IIS 5 & IIS 6
Anyone know about www.nihaorr1.com/1.js?
Re: Anyone know about www.nihaorr1.com/1.js?
May 15, 2008 06:12 AM|drors01
I added the URL filter to my site just in case...
But then I started getting too many false alarms due to Google's search.
It is doing many sorts of phrases that include many of the words that are not allowed.
So I made a change to the verify function:
Function verify(s)
    ' allow the request unless two or more bad words are found
    verify = true
    ' convert the querystring to lowercase
    s = lcase(s)
    risk_level_counter = 0
    ' badwords - a list of disallowed keywords in the url
    badwords = "select 1=1 insert update delete drop -- table alter cast declare convert exec chr( union"
    ' create an array list of each bad word
    r = split(badwords, " ")
    ' loop through the bad words and return false once two or more are present
    for i = 0 to ubound(r)
        if instr(s, r(i)) > 0 then
            risk_level_counter = risk_level_counter + 1
            if risk_level_counter >= 2 then
                verify = false
                exit for
            end if
        end if
    next
End Function
I think that I am going to give a unique level of risk to each word, for instance giving 3 for DECLARE, UPDATE, DROP and a level of 1 to select.
I would also combine the checks with the length of the string, not allowing more than 150 characters for a known need.
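
The weighted scoring and 150-character limit proposed at the end of the post above could look like this in classic ASP VBScript. This is an added example, not the poster's code: the function name VerifyWeighted, the rejection threshold of 3, and every weight other than declare/update/drop = 3 and select = 1 are assumptions.

```vbscript
' Added example: weighted keyword scoring plus a length cap.
' Weights of 3 for declare/update/drop and 1 for select come from the post;
' all other weights and the threshold are assumptions chosen for illustration.
Const MAX_QS_LENGTH = 150    ' length cap mentioned in the post
Const RISK_THRESHOLD = 3     ' assumed: reject at a total score of 3 or more

Function VerifyWeighted(ByVal qs)
    Dim words, weights, i, score
    VerifyWeighted = False

    ' Reject overlong querystrings before scanning them.
    If Len(qs) > MAX_QS_LENGTH Then Exit Function

    ' Parallel arrays: words(i) carries the risk weight weights(i).
    words = Split("declare update drop exec union insert delete alter " & _
                  "cast 1=1 chr( select table convert --", " ")
    weights = Array(3, 3, 3, 2, 2, 2, 2, 2, 2, 2, 2, 1, 1, 1, 1)

    qs = LCase(qs)
    score = 0
    For i = 0 To UBound(words)
        If InStr(qs, words(i)) > 0 Then
            score = score + weights(i)
            ' Stop as soon as the accumulated risk reaches the threshold.
            If score >= RISK_THRESHOLD Then Exit Function
        End If
    Next

    VerifyWeighted = True
End Function

' Constructed sample inputs; run with cscript.exe (in an ASP page, call
' VerifyWeighted on Request.ServerVariables("QUERY_STRING") instead).
Dim samples, n
samples = Array( _
    "q=how+to+select+a+table+lamp", _
    "id=5;declare @s varchar(100)", _
    "q=" & String(160, "a"))
For n = 0 To UBound(samples)
    WScript.Echo Left(samples(n), 40) & " -> " & VerifyWeighted(samples(n))
Next
```

A keyword score like this only cuts down noise in front of the application; the queries behind it still need to be parameterized.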