Example method: Solving ASP image Upload vulnerability

Solve | upload | upload bug

Often heard of ASP upload vulnerability, that is, some Trojan file to modify the suffix name (modified to the image file suffix), upload.

Use the following functions for this situation to identify:
<%
'******************************************************************
' Checkfiletype function to check whether a file is a picture file
' parameter filename is the path to the local file
' If it's one of the file jpeg,gif,bmp,png pictures, the function returns True, otherwise it returns false
'******************************************************************

Const Adtypebinary=1

Dim jpg (1): JPG (0) =cbyte (&HFF): JPG (1) =cbyte (&HD8)
Dim bmp (1): BMP (0) =cbyte (&h42): BMP (1) =cbyte (&H4D)
Dim png (3):p ng (0) =cbyte (&h89):p ng (1) =cbyte (&h50):p ng (2) =cbyte (&h4e):p ng (3) =cbyte (&H47)
Dim gif (5): GIF (0) =cbyte (&h47): GIF (1) =cbyte (&h49): GIF (2) =cbyte (&h46): GIF (3) =cbyte (&h39): GIF (4) = CByte (&h38): GIF (5) =cbyte (&h61)

function Checkfiletype (filename)
On Error Resume Next
Checkfiletype=false
Dim fstream,fileext,stamp,i
Fileext=mid (Filename,instrrev (FileName, ".") +1)
Set Fstream=server.createobject ("ADODB. Stream ")
FStream. Open
FStream. Type=adtypebinary
FStream. LoadFromFile filename
Fstream.position=0
Select Case Fileext
Case "JPG", "JPEG"
Stamp=fstream.read (2)
For i=0 to 1
If AscB (MidB (stamp,i+1,1)) =jpg (i) then checkfiletype=true else checkfiletype=false
Next
Case "GIF"
Stamp=fstream.read (6)
For I=0 to 5
If AscB (MidB (stamp,i+1,1)) =gif (i) then checkfiletype=true else checkfiletype=false
Next
Case "PNG"
Stamp=fstream.read (4)
For I=0 to 3
If AscB (MidB (stamp,i+1,1)) =png (i) then checkfiletype=true else checkfiletype=false
Next
Case "BMP"
Stamp=fstream.read (2)
For i=0 to 1
If AscB (MidB (stamp,i+1,1)) =bmp (i) then checkfiletype=true else checkfiletype=false
Next
End Select
FStream. Close
Set fseteam=nothing
If Err.number<>0 then Checkfiletype=false
End Function
%>

So when it comes to application,
Checkfiletype (Server.MapPath ("cnbruce.jpg"))
Or
Checkfiletype ("F:/web/164/images/cnbruce.jpg"))

That is, to detect the image file type that verifies the local physical address, return TRUE or False

So this situation applies to the image of the cross, the current approach is to allow the "pseudo image" file upload, and then use the above custom function to determine whether the file conforms to the image specifications, if the Trojan camouflage image files are fso deleted, such as:
File. SaveAs server.mappath (filename) ' Save file '
If not Checkfiletype (Server.MapPath (filename)) Then
Response.Write "Bad image format"
Set fso = CreateObject ("Scripting.FileSystemObject")
Set FICN = fso. GetFile (Server.MapPath (filename))
Ficn.delete
Set ficn=nothing
Set fso=nothing
Response.End
End If

is to upload the file first, and then immediately use the custom function to determine the file image type of anastomosis, FSO to delete the file operation.

ASP upload vulnerability also use "" "FilePath to carry out hand and foot operation
The following functions can be used for such situations:
function Truestr (filetrue)
Str_len=len (Filetrue)
Pos=instr (FILETRUE,CHR (0))
If pos=0 or Pos=str_len then
Truestr=true
Else
Truestr=false
End If
End Function

Then you can make the file upload after judging

If TRUESTR (filename) =false Then
Response.Write "Illegal Files"
Response.End
End If

File. SaveAs Server.MapPath (filename)