A file with an .asa extension was uploaded to the website after its suffix had been changed to .rar, which got it past my simple extension check.
As a result, the website was infected with a trojan. Fortunately, the fix is not difficult: a check of the real file type has now been added, and security is much better.
Meteorology
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="Truefile.aspx.cs" Inherits="Test_truefile" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>No title page</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <%-- The upload control; the posted content is inspected server-side in btnOK_Click. --%>
        <asp:FileUpload ID="uploadFile" runat="server" />
        <asp:Button ID="btnOK" runat="server" Text="Judgement" OnClick="btnOK_Click" />
    </div>
    </form>
</body>
</html>
Meteorology
Using System;
Using System. Data;
Using System. configuration;
Using System. collections;
Using System. Web;
Using System. Web. Security;
Using System. Web. UI;
Using System. Web. UI. webcontrols;
Using System. Web. UI. webcontrols. webparts;
Using System. Web. UI. htmlcontrols;
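public partial class Test_truefile : System.Web.UI.Page
{
    /// <summary>
    /// Leading bytes ("magic numbers") of the image formats this page accepts.
    /// An upload is allowed only when its content starts with one of these,
    /// regardless of the file name or extension the client supplied.
    /// </summary>
    private static readonly byte[][] AllowedSignatures =
    {
        new byte[] { 0x47, 0x49, 0x46, 0x38 },                         // GIF: "GIF8" (GIF87a / GIF89a)
        new byte[] { 0xFF, 0xD8, 0xFF },                               // JPEG: SOI marker
        new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A }, // PNG: full 8-byte signature
    };

    // Length of the longest entry in AllowedSignatures; only this many leading bytes are read.
    private const int MaxSignatureLength = 8;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    /// <summary>
    /// Checks whether an uploaded file really is one of the allowed image types by
    /// inspecting the first bytes of the uploaded content. The client-supplied file
    /// name is deliberately ignored: it is attacker-controlled and does not refer to
    /// a file on this server, so it must neither be trusted nor opened.
    /// </summary>
    /// <param name="hifile">The posted file to inspect.</param>
    /// <returns>
    /// true when the content starts with a GIF, JPEG or PNG signature; otherwise false
    /// (also for a null or empty upload, and for any I/O failure while reading).
    /// </returns>
    private bool IsAllowedExtension(HttpPostedFile hifile)
    {
        if (hifile == null || hifile.ContentLength <= 0)
        {
            return false;
        }

        System.IO.Stream input = hifile.InputStream;
        long originalPosition = input.CanSeek ? input.Position : 0;
        byte[] header = new byte[MaxSignatureLength];
        int bytesRead;
        try
        {
            if (input.CanSeek)
            {
                input.Position = 0;
            }
            bytesRead = ReadHeader(input, header);
        }
        catch (System.IO.IOException)
        {
            // Unreadable content is treated as "not allowed" rather than failing the request.
            return false;
        }
        catch (HttpException)
        {
            return false;
        }
        finally
        {
            // Put the stream back so a later SaveAs/copy sees the whole upload.
            if (input.CanSeek)
            {
                input.Position = originalPosition;
            }
        }

        return MatchesAllowedSignature(header, bytesRead);
    }

    /// <summary>
    /// Fills <paramref name="buffer"/> with as many leading bytes as the stream provides.
    /// Loops because Stream.Read may return fewer bytes than requested.
    /// </summary>
    /// <returns>The number of bytes actually read (less than the buffer length at end of stream).</returns>
    private static int ReadHeader(System.IO.Stream input, byte[] buffer)
    {
        int total = 0;
        while (total < buffer.Length)
        {
            int n = input.Read(buffer, total, buffer.Length - total);
            if (n <= 0)
            {
                break;
            }
            total += n;
        }
        return total;
    }

    /// <summary>
    /// True when the first <paramref name="count"/> bytes of <paramref name="header"/>
    /// begin with any entry of <see cref="AllowedSignatures"/>.
    /// </summary>
    private static bool MatchesAllowedSignature(byte[] header, int count)
    {
        foreach (byte[] signature in AllowedSignatures)
        {
            if (StartsWith(header, count, signature))
            {
                return true;
            }
        }
        return false;
    }

    /// <summary>
    /// Byte-wise prefix comparison over the first <paramref name="count"/> bytes of
    /// <paramref name="data"/>. Whole bytes are compared rather than a concatenated
    /// decimal string, because a string such as "1234" cannot tell 12,34 from 123,4.
    /// </summary>
    private static bool StartsWith(byte[] data, int count, byte[] prefix)
    {
        if (count < prefix.Length)
        {
            return false;
        }
        for (int i = 0; i < prefix.Length; i++)
        {
            if (data[i] != prefix[i])
            {
                return false;
            }
        }
        return true;
    }

    /// <summary>
    /// Click handler for the "Judgement" button: writes "OK" only when the posted
    /// file's content passes <see cref="IsAllowedExtension"/>. The detected bytes
    /// are no longer echoed to the response; use a debugger or log for that.
    /// </summary>
    protected void btnOK_Click(object sender, EventArgs e)
    {
        if (IsAllowedExtension(uploadFile.PostedFile))
        {
            Response.Write("OK");
        }
    }
}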