ASP prevent upload Pictures Trojan principle Analysis _ Trojan Related

First determine the file size:

If File.filesize<10 then
  Response.Write ("<script>alert (' you did not choose to upload file ') </script>")
  Response.Write ("<script>history.go ( -1) </script>")
  Response.End () End
if

After uploading the file to the server, determine the dangerous action characters in the user file:

Set MyFile = Server. CreateObject ("Scripting.FileSystemObject")
Set MyText = Myfile.opentextfile (FilePath, 1) ' reads text file
Stextall = LCase (mytext.readall)
mytext.close
Set MyFile = Nothing
sstr= ". getfolder|. createfolder|. deletefolder|. createdirectory|. deletedirectory|. SaveAs
|wscript.shell|script.encode|server.|. Createobject|execute|activexobject|language= "
snostring = Split" (SStr, "|") 
For i=0 to UBound (snostring)
  If InStr (Stextall,snostring (i)) then
   set Filedel = Server. CreateObject ("Scripting.FileSystemObject")
   filedel.deletefile FilePath
   Set Filedel =
   Nothing Response.Write ("<script>alert (' your uploaded file has a problem, upload failed '); Window.close ();</script>")
   Response.End () End
  If
next

How to prevent the upload of Trojan pictures

This code I have tested no problem, can block the upload of Trojan pictures

<% ' *************************************************************** ' checkfiletype function to check if a file is a picture file ' parameter filename is the path of the local file ' if it is one of the file jpeg,gif,bmp,png pictures, the function returns True, otherwise it returns false ' ******************************************** Const Adtypebinary=1 Dim jpg (1): JPG (0) =cbyte (&AMP;HFF): JPG (1) =cbyte (&hd8) Dim bmp (1): BMP (0) = CByte (&h42): BMP (1) =cbyte (&h4d) Dim png (3):p ng (0) =cbyte (&h89):p ng (1) =cbyte (&h50):p ng (2) =cbyte ( &h4e):p ng (3) =cbyte (&h47) Dim gif (5): GIF (0) =cbyte (&h47): GIF (1) =cbyte (&h49): GIF (2) =cbyte (&h46) : GIF (3) =cbyte (&h39): GIF (4) =cbyte (&h38): GIF (5) =cbyte (&h61) Response.Write Checkfiletype ( Server.MapPath ("2.gif")) function Checkfiletype (filename) On Error Resume Next Checkfiletype=false Dim fstream,fileext, Stamp,i fileext=mid (Filename,instrrev (FileName, ".") +1 set Fstream=server.createobject ("ADODB"). Stream ") fstream. Open FStream. Type=adtypebinary FStream. LoadFromFile filename fstream.position=0 Select Case fileext case "JPG", "JPEG "Stamp=fstream.read (2) for i=0 to 1 if AscB (MidB (stamp,i+1,1)) =jpg (i) then checkfiletype=true else Checkfiletype=fal Se next case "gif" stamp=fstream.read (6) for i=0 to 5 if AscB (MidB (stamp,i+1,1)) =gif (i) then checkfiletype=true else Check Filetype=false next case, "PNG" Stamp=fstream.read (4) for i=0 to 3 if AscB (MidB (stamp,i+1,1)) =png (i) then Checkfiletype=tru E Else checkfiletype=false next case "BMP" Stamp=fstream.read (2) for i=0 to 1 if AscB (MidB (stamp,i+1,1)) =bmp (i) then Check Filetype=true Else checkfiletype=false Next End Select FStream. Close Set fseteam=nothing if err.number<>0 then Checkfiletype=false End Function%>

Above is the ASP to prevent the upload of pictures trojan principle analysis, I hope to help you learn.