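<%
' ================================================================
' Module      : Query-string SQL keyword monitor.
' Description : Looks for common SQL keywords in the raw query
'               string. On a hit, the request details are e-mailed
'               to the site owner and the visitor is redirected to "/".
'               NOTE(review): this is an alerting heuristic only. It is
'               easy to evade (tabs, "/**/" comments, other encodings;
'               POST bodies are not scanned at all) and must NOT be
'               treated as the defence against SQL injection. That
'               defence is validating "con" as an integer (below) and
'               binding query parameters instead of concatenating SQL.
' ================================================================
Dim strRawQS, strDecodedQS, strPattern

' Keywords are written with "%20" (URL-encoded space) because they are
' matched against the query string exactly as the client sent it.
sqlArray = "select%20|delete%20|update%20|insert%20|create%20|alter%20|drop%20|truncate%20|sp_|declare%20|exec("
idx = Split(sqlArray, "|")

' Request.QueryString with no key returns the raw (still encoded)
' query string. A decoded copy is scanned as well, so that writing the
' space as "+" instead of "%20" is not a trivial bypass of the list.
strRawQS = UCase(Request.QueryString & "")
strDecodedQS = UCase(Unescape(Replace(strRawQS, "+", " ")))

InjectionFound = False
For i = 0 To UBound(idx)
    strPattern = UCase(idx(i))
    pos = InStr(1, strRawQS, strPattern, vbBinaryCompare)
    If pos = 0 Then
        pos = InStr(1, strDecodedQS, Replace(strPattern, "%20", " "), vbBinaryCompare)
    End If
    If pos <> 0 Then
        InjectionFound = True
        Exit For
    End If
Next

If InjectionFound Then
    ' Build a plain-text report. Every value below is attacker
    ' controlled (query string, Host header, client address); sending
    ' the mail as plain text (MailFormat/BodyFormat = 1) instead of
    ' HTML removes the markup-injection surface in the owner's mail
    ' client, and vbCrLf gives real line breaks in a text body.
    strContents = "Some one is trying to Hack the Site please check detials given below" & vbCrLf & vbCrLf
    strContents = strContents & "QUERY_STRING = " & Request.ServerVariables("QUERY_STRING") & vbCrLf
    strContents = strContents & "REMOTE_ADDR = " & Request.ServerVariables("REMOTE_ADDR") & vbCrLf
    strContents = strContents & "REMOTE_HOST = " & Request.ServerVariables("REMOTE_HOST") & vbCrLf
    strContents = strContents & "REMOTE_USER = " & Request.ServerVariables("REMOTE_USER") & vbCrLf
    strContents = strContents & "REQUEST_METHOD = " & Request.ServerVariables("REQUEST_METHOD") & vbCrLf
    strContents = strContents & "SCRIPT_NAME = " & Request.ServerVariables("SCRIPT_NAME") & vbCrLf
    strContents = strContents & "SERVER_NAME = " & Request.ServerVariables("SERVER_NAME") & vbCrLf

    Set objCDO = Server.CreateObject("CDONTS.NewMail")
    objCDO.MailFormat = 1 ' plain text (was MIME/HTML)
    objCDO.BodyFormat = 1 ' plain text (was HTML)
    objCDO.To = "zahidrahim@hotmail.com"
    objCDO.From = "zahidrahim@hotmail.com"
    objCDO.Importance = 2 ' high
    ' SERVER_NAME is derived from the Host header; strip CR/LF so it
    ' cannot smuggle extra mail headers through the Subject line.
    objCDO.Subject = Replace(Replace(Request.ServerVariables("SERVER_NAME") & "", vbCr, ""), vbLf, "") & " | Hacker Info"
    objCDO.Body = strContents
    objCDO.Send
    Set objCDO = Nothing

    Response.Redirect("/")
    Response.End
End If
%>
<%
' Module      : Section page reading routine.
' Description : Fetch Section, Content, and Css details for the current document.
'             : The document id is taken from the QueryString variable "con".
'             : On the basis of the provided QS value the routine queries the
'             : detail-specific DB tables and fetches the document related data.
'             : (tables: tblSection, tblContent, tblCss)
' Author      : Waqas Mahmood Khan
' Created     : Wednesday, May 28, 2003 6:00 PM
'// ****************************************************************************** //

' Local variables
Dim SectionName, SectionId
Dim strSQLCss, strSQLContent, strSQLSection
Dim objRsCss, objRsSection, objRsContent
Dim DocId, DocTitle, DocDescription, DocFile, DocPath, DocCssId
Dim CssId, CssFile, CssPath
Dim objFSO, objDocFile
Dim strFileDataString
Dim P1, P2
Dim strRawDocId, k, okDocId

' Normalize QueryString "con".
' DocId is later used in a SQL statement, so only a short run of
' decimal digits is accepted; anything else (empty, negative, text,
' "1, 2" from a repeated parameter, overlong values that would
' overflow CLng) becomes 0 = "no document". This is the control that
' actually closes the SQL-injection hole the keyword monitor above
' can only report on.
strRawDocId = Trim(Request.QueryString("con") & "")
okDocId = (Len(strRawDocId) > 0 And Len(strRawDocId) <= 9)
For k = 1 To Len(strRawDocId)
    If okDocId Then
        If Mid(strRawDocId, k, 1) < "0" Or Mid(strRawDocId, k, 1) > "9" Then okDocId = False
    End If
Next
If okDocId Then
    DocId = CLng(strRawDocId)
Else
    DocId = 0
End If

' Fetch the current section name from the URL: the parent directory
' of SCRIPT_NAME, e.g. "/Articles/doc.asp" -> "Articles".
' A script at the web root has no parent directory; guard that case so
' InStrRev is not called with a start position of 0.
P1 = InStrRev(Request.ServerVariables("SCRIPT_NAME"), "/") - 1
If P1 >= 1 Then
    P2 = InStrRev(Request.ServerVariables("SCRIPT_NAME"), "/", P1) + 1
    SectionName = Mid(Request.ServerVariables("SCRIPT_NAME"), P2, (P1 - P2) + 1)
Else
    SectionName = ""
End If

' //**************** **********************************//
' Query tblSection and get this section's "SectionId" and "SectionName".
' The section is currently hard-coded (constant SQL text, nothing from
' the request is concatenated). The commented-out variant below builds
' the statement from SectionName; if it is ever revived, bind
' SectionName as a parameter rather than concatenating it.
'strSQLSection = "SELECT SectionId, SectionName FROM tblSection WHERE SectionName = '"&Trim(SectionName)&"'"
strSQLSection = "SELECT SectionId, SectionName FROM tblSection WHERE SectionName = 'Articles and Research Work'"
Set objRsSection = objCon.Execute(strSQLSection)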
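If Not objRsSection.EOF Then
    SectionId = objRsSection("SectionId")
    SectionName = objRsSection("SectionName")
End If
objRsSection.Close
Set objRsSection = Nothing

' //**************** **********************************//
' Query tblContent for the document identified by QueryString "con".
'   Title       = document title.
'   Description = brief description.
'   DocFileName = document file name.
'   DocFilePath = document file path - physical path relative to the
'                 application root (consumed by the file reader below).
'   DocCssId    = style sheet (tblCss) id referenced by this document.
' DocId originates from the URL and is therefore bound as an integer
' parameter instead of being concatenated into the SQL text.
' The SectionId filter stays hard-coded to 3 as in the original query;
' the value read from tblSection above is deliberately not used here.
' NOTE(review): objCon is opened outside this page. This assumes it is
' an open ADODB.Connection whose provider accepts "?" parameter markers.
Dim lngDocId, objCmdContent, objCmdCss, lngSectionId, lngCssId

' Defensive coercion: whatever form DocId arrives in, the parameter
' value is an integer or 0 (the length cap avoids a CLng overflow).
If IsNumeric(DocId) And Len(DocId & "") <= 9 Then
    lngDocId = CLng(DocId)
Else
    lngDocId = 0
End If

strSQLContent = "SELECT Title, Description, DocFileName, DocFilePath, DocCssId FROM tblContent WHERE SectionId = 3 AND DocumentId = ?"
Set objCmdContent = Server.CreateObject("ADODB.Command")
Set objCmdContent.ActiveConnection = objCon
objCmdContent.CommandType = 1 ' adCmdText
objCmdContent.CommandText = strSQLContent
' CreateParameter(name, type, direction, size, value): 3 = adInteger, 1 = adParamInput
objCmdContent.Parameters.Append objCmdContent.CreateParameter("DocumentId", 3, 1, , lngDocId)
Set objRsContent = objCmdContent.Execute
If Not objRsContent.EOF Then
    DocTitle = objRsContent("Title")
    DocDescription = objRsContent("Description")
    DocFile = objRsContent("DocFileName")
    DocPath = objRsContent("DocFilePath")
    DocCssId = objRsContent("DocCssId")
End If
objRsContent.Close
Set objRsContent = Nothing
Set objCmdContent = Nothing

' //**************** **********************************//
' Query tblCss for the style sheet referenced by this document.
'   CssFile     = style sheet file name.
'   CssFilePath = style sheet file path.
' Both ids come from the database, but they are still bound as
' parameters so the SQL text never depends on data values. When either
' id is missing (Null) the query is skipped instead of producing an
' invalid statement such as "WHERE SectionId =  AND CssId = ".
CssFile = ""
CssPath = ""
If IsNumeric(SectionId) And IsNumeric(DocCssId) Then
    lngSectionId = CLng(SectionId)
    lngCssId = CLng(DocCssId)
    strSQLCss = "SELECT CssFile, CssFilePath FROM tblCss WHERE SectionId = ? AND CssId = ?"
    Set objCmdCss = Server.CreateObject("ADODB.Command")
    Set objCmdCss.ActiveConnection = objCon
    objCmdCss.CommandType = 1 ' adCmdText
    objCmdCss.CommandText = strSQLCss
    objCmdCss.Parameters.Append objCmdCss.CreateParameter("SectionId", 3, 1, , lngSectionId)
    objCmdCss.Parameters.Append objCmdCss.CreateParameter("CssId", 3, 1, , lngCssId)
    Set objRsCss = objCmdCss.Execute
    If Not objRsCss.EOF Then
        CssFile = objRsCss("CssFile")
        CssPath = objRsCss("CssFilePath")
    End If
    objRsCss.Close
    Set objRsCss = Nothing
    Set objCmdCss = Nothing
End If
' Normalize the Css path to a relative web path: "\" replaced with "/".
' A Null path from the database is treated as an empty path.
CssPath = Replace(CssPath & "", "\", "/")
%> Dr. 
Akmal Hussain - <%= Server.HTMLEncode(DocTitle & "") %> <%If Len(CssPath) = 0 Or Len(CssFile) = 0 Then%> <%Else%> <%End If%>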
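<%
' Module      : Document body reader (Scripting.FileSystemObject).
' Description : Opens and reads the text file named by DocPath/DocFile
'             : (fetched from tblContent above) from under the
'             : application's physical root and writes it into the page.
'             : DocPath/DocFile do not come straight from the request,
'             : but they are still treated as untrusted: the resolved
'             : path must stay inside APPL_PHYSICAL_PATH, so a tampered
'             : or malformed row cannot expose arbitrary server files.
' Author      : Waqas Mahmood Khan
' Created     : Wednesday, May 28, 2003 7:00Pm
' NOTE(review): the original "If DocId <> 0" guard is commented out;
'             : with DocId = 0 the lookups above leave DocPath/DocFile
'             : empty, the file check fails and the broken-link text
'             : is shown, so the guard is not needed for correctness.
'// ************************************************************* //
Const ForReading = 1
Dim strAppRoot, strDocFullPath, blnInsideRoot

Set objFSO = Server.CreateObject("Scripting.FileSystemObject")

' Canonicalise both paths (GetAbsolutePathName collapses "." and ".."
' segments) and require the document to sit below the application
' root. The prefix comparison is case-insensitive, like NTFS.
strAppRoot = objFSO.GetAbsolutePathName(Request.ServerVariables("APPL_PHYSICAL_PATH"))
If Right(strAppRoot, 1) <> "\" Then strAppRoot = strAppRoot & "\"
strDocFullPath = objFSO.GetAbsolutePathName(Request.ServerVariables("APPL_PHYSICAL_PATH") & DocPath & DocFile)
blnInsideRoot = (StrComp(Left(strDocFullPath, Len(strAppRoot)), strAppRoot, vbTextCompare) = 0)

If blnInsideRoot And objFSO.FileExists(strDocFullPath) Then
    Set objDocFile = objFSO.OpenTextFile(strDocFullPath, ForReading)
    strFileDataString = objDocFile.ReadAll
    objDocFile.Close
    Set objDocFile = Nothing
    ' The stored document is page markup and is emitted verbatim.
    Response.Write strFileDataString
Else
    ' Deliberately the same message for "outside root" and "missing":
    ' the visitor does not need to know which.
    Response.Write "File not found - broken link!
" & VbCrLf
    Response.Write " - No file available behind this URL.
" & VbCrLf
    Response.Write " - To report about this broken link to webmaster " & VbCrLf
    Response.Write "click here, and a notification will be sent."
End If
Set objFSO = Nothing
%>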