摘要:
经常听说的ASP上传漏洞,即是将一些木马文件修改后缀名(修改为图像文件后缀),进行上传。针对此情况使用下列函数进行辨别关键字:
正文:
))=False Then
upf.CreateFolder Server.MapPath(f_folder)
upf.CreateFolder Server.MapPath(f_folder&"/"&f_type)
upf.CreateFolder Server.MapPath(f_folder&"/"&f_type&"/"&f_name)
Else
upf.CreateFolder Server.MapPath(f_folder&"/"&f_type)
upf.CreateFolder Server.MapPath(f_folder&"/"&f_type&"/"&f_name)
End If
Else
upf.CreateFolder Server.MapPath(f_folder&"/"&f_type&"/"&f_name)
End If
End If
f_ftn=f_folder&"/"&f_type&"/"&f_name
Set upf=Nothing
********保存上传文件至文件夹********
randomize
ranNum=int(90000*rnd)+10000
filename=f_ftn&"/"&day(now)&"-"&ranNum&"-"&file.filename
if TrueStr(filename)=false then
response.write "非法文件"
response.end
end if
if file.filesize>filesizemin and file.filesize<filesizemax then
file.SaveAs Server.mappath(filename) 保存文件
If not CheckFileType(Server.mappath(filename)) then
response.write "错误的图像格式"
Set fso = CreateObject("Scripting.FileSystemObject")
Set ficn = fso.GetFile(Server.mappath(filename))
ficn.delete
set ficn=nothing
set fso=nothing
response.end
end if
if f_type="JPG" or f_type="GIF" or f_type="PNG" then
response.write "<script>parent.cn_bruce.cn_content.value+=
</script>"
ElseIf f_type="ZIP" or f_type="RAR" or f_type="DOC" or f_type="TXT" then
response.write "<script>parent.cn_bruce.cn_content.value+="&filename&"</script>"
ElseIf
else
response.write "<script>parent.cn_bruce.cn_content.value+= "&filename&" </script>"
end if
iCount=iCount+1
end if
set file=nothing
end if
next
set upload=nothing 删除此对象
response.write (iCount&" 个文件上传成功! <a href=# onclick=history.go(-1)>继续上传</a>")
%>
</body>
</html>
[1][2][3][4]
