Malicious Code


Thread: Malicious Code

  1. #1
    Join Date
    Dec 1969

    Malicious Code

    I read an article on 4guys that said it's possible for someone to input malicious HTML and/or ASP code into a form. The writer recommended that any INSERT page first check for and strip away any naughty code.

    Exactly what code should I check for? Should I strip away any instance of a "<%" or "%>"? Or is there more I need to do?

    I can't install anything on the server. Is there a function that might do some checking along these lines? Any help appreciated.

    thanks,
    Cameron

  2. #2
    Join Date
    Dec 1969

    RE: Malicious Code

    You can check if any of the posted data (or querystring data) contains "<%", in which case it's a possibility that it's "naughty", as you called it :)

    Just check to see if "<%" exists. If it does, error.
    e.g.
    ==== START
    <%
    ' Flag set when any posted form field contains the ASP opening delimiter
    Dim foundcode, RequestItem
    foundcode = False
    For Each RequestItem In Request.Form
        ' InStr returns the 1-based position of the match, or 0 if absent
        If InStr(Request.Form(RequestItem), "<%") > 0 Then
            foundcode = True
        End If
    Next
    If foundcode Then
        Response.Write("Stupid boy...")
        Response.End
    End If
    %>
    ==== END

    Craig.
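
An added example, not part of either post: the same "<%" check applied to both Request.Form and Request.QueryString (the reply mentions querystring data, but the posted loop only covers the form), followed by Server.HTMLEncode on output, which covers HTML input that contains no "<%" at all. The helper name HasAspDelimiter and the field name "comment" are assumptions made for illustration.

```vbscript
<%
Option Explicit

' Returns True if any value in a Request collection contains the ASP
' opening delimiter. Works for Request.Form and Request.QueryString.
Function HasAspDelimiter(coll)
    Dim key
    HasAspDelimiter = False
    For Each key In coll
        ' coll(key) yields all values for the field as one string;
        ' InStr returns 0 when the delimiter is absent.
        If InStr(coll(key), "<%") > 0 Then
            HasAspDelimiter = True
            Exit Function
        End If
    Next
End Function

' Reject the request before any INSERT runs.
If HasAspDelimiter(Request.Form) Or HasAspDelimiter(Request.QueryString) Then
    Response.Status = "400 Bad Request"
    Response.Write "Input rejected."
    Response.End
End If

' Hypothetical field "comment". Whenever a submitted or stored value is
' written back into a page, encode it so the browser displays any tags
' as text instead of interpreting them.
Dim comment
comment = Request.Form("comment")
Response.Write "<p>" & Server.HTMLEncode(comment) & "</p>"
%>
```

Server.HTMLEncode is built into classic ASP, so nothing has to be installed on the server.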
