ASP display directory download all folders and files
Sub Showallfile (Path)
Set F1so = CreateObject ("Scripting.FileSystemObject")
If not f1so. FolderExists (Path) then Exit Sub
Set f = f1so. GetFolder (Path)
Set FC2 = F.files
For each myfile in FC2
If Checkext (F1so. Getextensionname (path& "" &myfile.name)) Then
Call Scanfile (path&temp& "" &myfile.name, "")
Sumfiles = sumfiles + 1
End If
Next
Set FC = F.subfolders
For each F1 in FC
Showallfile path& "" &f1.name
Sumfolders = sumfolders + 1
Next
Set F1so = Nothing
End Sub
Sub Scanfile (FilePath, InFile)
server.scripttimeout=999999999
If InFile <> "" Then
Infiles = "<font color=red> the file is <a href=" "http://" &request.servervariables ("SERVER_NAME") & "/" & Turlencode (InFile) & "" "Target=_blank>" & InFile & "</a> file contains execution </font>"
End If
Set Fso1s = CreateObject ("Scripting.FileSystemObject")
On Error Resume Next
Set ofile = Fso1s.opentextfile (FilePath)
Filetxt = Lcase (Ofile.readall ())
If Err Then Exit Sub End If
If Len (filetxt) >0 Then
Filetxt = vbCrLf & Filetxt
temp = "<a href=" "http://" &request.servervariables ("SERVER_NAME") & "/" &turlencode (replace ( Filepath,server. MapPath ("") & "", "", 1,1,1), "", "/") & "" Target=_blank> "&replace (filepath,server. MapPath ("") & "", "", 1,1,1) & "</a><br/>"
temp=temp& "<a href=" Javascript:fullform ("" "&replace (replace (filepath,server). MapPath ("") & "", "", 1,1,1), "", "") & "" "," "Editfile" ") ' class= ' am ' title= ' edit ' >Edit</a> '
temp=temp& "<a href=" Javascript:fullform ("" "&replace (replace (filepath,server). MapPath ("") & "", "" ", 1,1,1)," "," "" & "" "," "Delfile" "" "" Onclick= ' return Yesok () ' class= ' am ' title= ' delete ' >del </a > "
temp=temp& "<a href=" Javascript:fullform ("" "&replace (replace (filepath,server). MapPath ("") & "", "", 1,1,1), "", "") & "" "," "CopyFile" ") ' class= ' am ' title= ' copy ' >Copy</a> '
temp=temp& "<a href=" Javascript:fullform ("" "&replace (replace (filepath,server). MapPath ("") & "", "", 1,1,1), "", "") & "" "," "MoveFile" ") ' class= ' am ' title= ' move ' >Move</a> '
If InStr (Filetxt, Lcase ("WSCR" &DoMyBest& "IPT.") Shell ")) or Instr (Filetxt, Lcase (" clsid:72c24dd5-d70a "&DoMyBest&" -438b-8a42-98424b88afb8 ")) Then
The report& "<tr><td>" &temp& "</TD><TD>WSCR" &DoMyBest& "IPT". Shell or clsid:72c24dd5-d70a "&DoMyBest&" -438b-8a42-98424b88afb8</td><td><font color=red > Hazardous components, commonly used by ASP </font> "&infiles&" </td><td> "&getdatecreate (filepath) &" < Br> "&getdatemodify (filepath) &" </td></tr> "
Sun = Sun + 1
Temp= "-Ditto-"
End If
If InStr (Filetxt, Lcase) ("She" &DoMyBest& "LL." Application ")) or Instr (Filetxt, Lcase (" clsid:13709620-c27 "&DoMyBest&" 9-11ce-a49e-444553540000 ")) Then
report& "<tr><td>" &temp& "</td><td>she" &DoMyBest& LL. Application or clsid:13709620-c27 "&DoMyBest&" 9-11ce-a49e-444553540000</td><td><font color= red> hazardous components, commonly used by ASP </font> "&infiles&" </td><td> "&getdatecreate (filepath) &" <br> "&getdatemodify (filepath) &" </td></tr> "
Sun = Sun + 1
Temp= "-Ditto-"
End If
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "blanguages*=s*[" "]?s* (vbscript|jscript|javascript). Encodeb"
If regex.test (filetxt) Then
The report& "<tr><td>" &temp& "</td><td> (vbscript|jscript|javascript). Encode</td><td><font color=red> seems to be encrypted. </font> "&infiles&" </td><td> &getdatecreate (filepath) & "<br>" &getdatemodify (filepath) & "</td></tr>"
Sun = Sun + 1
Temp= "-Ditto-"
End If
Regex.pattern = "BEv" & "ALB"
If regex.test (filetxt) Then
report& "<tr><td>" &temp& "</td><td>ev" & "Al</td><td>e" The & Val () function can execute any ASP code <br> but can also be used in JavaScript code, possibly false positives. "&infiles&" </td><td> "&getdatecreate (filepath) &" <br> "&getdatemodify ( FilePath) & "</td></tr>"
Sun = Sun + 1
Temp= "-Ditto-"
End If
Regex.pattern = "[^.] Bexe "&" Cuteb "
If regex.test (filetxt) Then
report& "<tr><td>" &temp& "</td><td>exec" & UTE</TD><TD ><font color=red>e "&" Xecute () function can execute any ASP code </font><br> "&infiles&" </td> <td> "&getdatecreate (filepath) &" <br> "&getdatemodify (filepath) &" </td></tr > "
Sun = Sun + 1
Temp= "-Ditto-"
End If
Regex.pattern = ". (open| Create) Textfileb "
If regex.test (filetxt) Then
"<tr><td>" &temp& "report&" </TD><TD> createtextfile|. Opentextfile</td><td> used the FSO's createtextfile|. OpenTextFile read-write file "&infiles&" </td><td> "&getdatecreate (filepath) &" <br> "& Getdatemodify (filepath) & "</td></tr>"
Sun = Sun + 1
Temp= "-Ditto-"
End If
Regex.pattern = ". Savetofileb "
If regex.test (filetxt) Then
"<tr><td>" &temp& "report&" </TD><TD> Savetofile</td><td> uses the stream's SaveToFile function to write a file "&infiles&" </td><td> "& Getdatecreate (filepath) & "<br>" &getdatemodify (filepath) & "</td></tr>"
Sun = Sun + 1
Temp= "-Ditto-"
End If
Regex.pattern = ". SAVEB "
If regex.test (filetxt) Then
"<tr><td>" &temp& "report&" </TD><TD> Save</td><td> uses the XMLHTTP save function to write the file "&infiles&" </td><td> "&getdatecreate" ( FilePath) & "<br>" &getdatemodify (filepath) & "</td></tr>"
Sun = Sun + 1
Temp= "-Ditto-"
End If
Set regEx = Nothing
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "<!--s* #includes *files*=s*" ". *" ""
Set matches = Regex.execute (filetxt)
For the Match in matches
Tfile = Replace (Mid match.value, Instr (Match.value, "" ") + 1, Len (match.value)-Instr (Match.value," "" ")-1),"/"," ""
If not Checkext (Fso1s.getextensionname (tfile)) Then
Call Scanfile (Mid Filepath,1,instrrev (FilePath, "")) &tfile, replace (filepath,server. MapPath ("") & "", "", 1,1,1)
Sumfiles = sumfiles + 1
End If
Next
Set matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "<!--s* #includes *virtuals*=s*" ". *" ""
Set matches = Regex.execute (filetxt)
For the Match in matches
Tfile = Replace (Mid match.value, Instr (Match.value, "" ") + 1, Len (match.value)-Instr (Match.value," "" ")-1),"/"," ""
If not Checkext (Fso1s.getextensionname (tfile)) Then
Call Scanfile (Server.MapPath ("") & "" &tfile, replace (filepath,server. MapPath ("") & "", "", 1,1,1)
Sumfiles = sumfiles + 1
End If
Next
Set matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "Server. (Exec "&" ute| Transfer) ([T]*| () "". *"""
Set matches = Regex.execute (filetxt)
For the Match in matches
Tfile = Replace (Mid match.value, Instr (Match.value, "" ") + 1, Len (match.value)-Instr (Match.value," "" ")-1),"/"," ""
If not Checkext (Fso1s.getextensionname (tfile)) Then
Call Scanfile (Mid Filepath,1,instrrev (FilePath, "")) &tfile, replace (filepath,server. MapPath ("") & "", "", 1,1,1)
Sumfiles = sumfiles + 1
End If
Next
Set matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "Server. (Exec "&" ute| Transfer) ([T]*| () [^""])"
If regex.test (filetxt) Then
report& "<tr><td>" &temp& "</td><td>server.exec" & ute</td> <td><font Color=red> cannot track files that are executed by the SERVER.E "&" Xecute () function. </font><br> "&infiles&" </td><td> "&getdatecreate (filepath) &" <br> " &getdatemodify (filepath) & "</td></tr>"
Sun = Sun + 1
End If
Set matches = Nothing
Set regEx = Nothing
Set Xregex = New RegExp
Xregex.ignorecase = True
Xregex.global = True
Xregex.pattern = "<SCR" & "ipts*" (. | n) *?runats*=s* ""? Server ""? (.| N) *?> "
Set xmatches = Xregex.execute (filetxt)
For the Match in Xmatches
TmpLake2 = Mid (Match.value, 1, InStr (Match.value, ">"))
Srcseek = INSTR (1, TmpLake2, "src", 1)
If srcseek > 0 Then
SrcSeek2 = InStr (Srcseek, tmpLake2, "=")
For i = 1 to 50
TMP = Mid (tmpLake2, SrcSeek2 + i, 1)
If tmp <> "" and TMP <> Chr (9) and TMP <> vbCrLf Then
Exit for
End If
Next
If tmp = "" "Then
Tmpname = Mid (tmpLake2, SrcSeek2 + i + 1, Instr (srcSeek2 + i + 1, tmpLake2, "" ")-srcseek2-i-1)
Else
If InStr (srcSeek2 + i + 1, tmpLake2, "") > 0 Then tmpname = Mid (tmpLake2, SrcSeek2 + i, InStr (srcSeek2 + i + 1, Tmplak E2, "")-srcseek2-i Else tmpname = TmpLake2
If InStr (Tmpname, Chr (9)) > 0 Then tmpname = Mid (tmpname, 1, InStr (1, Tmpname, Chr (9))-1
If InStr (Tmpname, vbCrLf) > 0 Then tmpname = Mid (tmpname, 1, InStr (1, Tmpname, vbCrLf)-1)
If InStr (Tmpname, ">") > 0 Then tmpname = Mid (tmpname, 1, InStr (1, Tmpname, ">")-1)
End If
Call Scanfile (Mid Filepath,1,instrrev (FilePath, "")) &tmpname, replace (filepath,server. MapPath ("") & "", "", 1,1,1)
Sumfiles = sumfiles + 1
End If
Next
Set matches = Nothing
Set regEx = Nothing
Set regEx = New RegExp
Regex.ignorecase = True
Regex.global = True
Regex.pattern = "Createo" & "bject[|t]* (. *)"
Set matches = Regex.execute (filetxt)
For the Match in matches
If Instr (Match.value, "&") or Instr (Match.value, "+") or Instr (Match.value, "" "") = 0 or Instr (match.value, "(") <& Gt InStrRev (Match.value, "(") Then
report& "<tr><td>" &temp& "</td><td>creat" & eobject</td>< Td>crea "&" Teobject function uses variant technology "&infiles&" </td><td> "&getdatecreate (filepath) &" <br> "&getdatemodify (filepath) &" </td></tr> "
Sun = Sun + 1
Exit Sub
End If
Next
Set matches = Nothing
Set regEx = Nothing
End If
Set ofile = Nothing
Set fso1s = Nothing
End Sub
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
