无组件上传中禁止ASP木马上传代码,ASP下测试通过

[ 2009-09-25 23:15:54 | 作者: admin ]
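' Scan an uploaded file for HTML or ASP script content.
'
' sFileName: server-side path of the file that has already been written to disk.
' Returns True when the file should be rejected (HTML or ASP markers found, or
' the file could not be read), False when nothing suspicious was found.
'
' The file is read in full through ADODB.Stream (binary mode), converted to a
' VBScript string by ByteArray2Text and handed to SniffHtml / SniffASP.
' Error handling is procedure-scoped (On Error Resume Next reverts to the
' caller's setting on exit): any runtime error makes the function return True
' so the check fails closed.  The original ended with
' "If err.number<>0 then return = true", which assigned an undeclared
' variable named "return" and then fell through to CheckASP = False.
' This is a content-signature heuristic; it complements, and does not replace,
' an extension allowlist and storing uploads outside the web root.
Function CheckASP(ByVal sFileName)
    Dim FStream, stamp, sData, bFailed, bHit

    On Error Resume Next
    Err.Clear

    Set FStream = Server.CreateObject("ADODB.Stream")
    If Err.Number = 0 Then
        FStream.Open
        FStream.Type = 1          ' adTypeBinary: raw bytes, no charset decoding
        FStream.LoadFromFile sFileName
        FStream.Position = 0
        stamp = FStream.Read      ' whole file as a byte array
        FStream.Close
    End If
    ' Capture the error state before releasing the stream so that cleanup
    ' cannot mask a failed read.
    bFailed = (Err.Number <> 0)
    Set FStream = Nothing
    Err.Clear

    If bFailed Then
        CheckASP = True
        Exit Function
    End If

    sData = ByteArray2Text(stamp)
    bHit = SniffHtml(sData)
    If Not bHit Then bHit = SniffASP(sData)
    ' An error raised inside the conversion or either sniffer counts as a hit.
    If Err.Number <> 0 Then bHit = True
    Err.Clear

    CheckASP = bHit
End Function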

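' Return True if sData contains markers of HTML or client-side script content.
'
' sData: file contents as a VBScript string (see ByteArray2Text).
' Patterns are tried in order with a case-insensitive RegExp; the first match
' wins.  Inside a VBScript string literal "" is one double-quote character,
' so [\'""] in the source reaches the regex engine as the class ['"].
' The original listing used typographic quotes (“ ”), which do not parse;
' they are restored to plain double quotes here.
' This is a signature check only: it recognises the listed tags and
' script: URL forms and will miss anything not in the list.
Private Function SniffHtml(sData)
    Dim oRE, aPatterns, i

    Set oRE = New RegExp
    oRE.IgnoreCase = True
    oRE.Global = True

    aPatterns = Array( _
        "<!DOCTYPE\W*X?HTML", _
        "<(body|head|html|img|pre|script|table|title)", _
        "type\s*=\s*[\'""]?\s*(?:\w*/)?(?:ecma|java)", _
        "(?:href|src|data)\s*=\s*[\'""]?\s*(?:ecma|java)script:", _
        "url\s*\(\s*[\'""]?\s*(?:ecma|java)script:" _
    )

    SniffHtml = False
    For i = 0 To UBound(aPatterns)
        oRE.Pattern = aPatterns(i)
        If oRE.Test(sData) Then
            SniffHtml = True
            Exit For
        End If
    Next
End Function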

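' Return True if sData contains tokens commonly found in server-side ASP code.
'
' sData: file contents as a VBScript string (see ByteArray2Text).
' Patterns are tried in order with a case-insensitive RegExp; the first match
' wins.  The list is deliberately broad: the bare words "request", "server"
' and "script" at the end match everything the more specific forms before
' them match (an unescaped "." in a pattern matches any character), so
' ordinary text that merely contains those words is rejected too.  That
' favours blocking over missed detections; trim the list if legitimate
' uploads are refused.
' The original listing used typographic quotes (“ ”), which do not parse;
' they are restored to plain double quotes here.
Private Function SniffASP(sData)
    Dim oRE, aPatterns, i

    Set oRE = New RegExp
    oRE.IgnoreCase = True
    oRE.Global = True

    aPatterns = Array( _
        ".(getfolder|createfolder|deletefolder|createdirectory|deletedirectory|saveas)", _
        "wscript.shell", _
        "script.encode", _
        "server.", _
        ".createobject", _
        "execute", _
        "activexobject", _
        "language=", _
        "request", _
        "server", _
        "script" _
    )

    SniffASP = False
    For i = 0 To UBound(aPatterns)
        oRE.Pattern = aPatterns(i)
        If oRE.Test(sData) Then
            SniffASP = True
            Exit For
        End If
    Next
End Function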

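' Convert a byte array (as returned by ADODB.Stream.Read in binary mode)
' into a VBScript string, one character per byte.
'
' varByteArray: byte array to convert.  Null or Empty (what Read returns for
' an empty file) yields "" instead of raising inside UBound.
' Returns a string in which byte N became Chr(byte N); bytes above 127 are
' mapped by Chr through the current code page, which is acceptable here
' because the callers only look for ASCII tokens.
' The original listing used typographic quotes (“ ” ‘), which do not parse;
' they are restored to plain ASCII quotes here.
Private Function ByteArray2Text(varByteArray)
    Dim strData, strBuffer, lngCounter

    ByteArray2Text = ""
    If IsNull(varByteArray) Or IsEmpty(varByteArray) Then Exit Function

    strData = ""
    strBuffer = ""
    For lngCounter = 0 To UBound(varByteArray)
        ' MidB/AscB address the raw bytes; "And 255" keeps the value in 0..255.
        strBuffer = strBuffer & Chr(255 And AscB(MidB(varByteArray, lngCounter + 1, 1)))
        ' Flush strBuffer into strData about every 1k bytes so the string that
        ' is repeatedly extended stays short (VBScript string & is O(length)).
        If lngCounter Mod 1024 = 0 Then
            strData = strData & strBuffer
            strBuffer = ""
        End If
    Next
    ByteArray2Text = strData & strBuffer
End Function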