How ASP prevents Trojan uploads:
First, determine the file size:
If file.FileSize < 10 Then
    Response.Write("<script>alert('You have not selected a file to upload')</script>")
    Response.Write("<script>history.go(-1)</script>")
    Response.End()
End If
After the file is uploaded to the server, check the user's file for strings that indicate dangerous operations:
Set MyFile = Server.CreateObject("Scripting.FileSystemObject")
Set MyText = MyFile.OpenTextFile(FilePath, 1) ' read the text file
sTextAll = LCase(MyText.ReadAll)
MyText.Close
Set MyFile = Nothing
sStr = ".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language="
sNoString = Split(sStr, "|")
For i = 0 To UBound(sNoString)
    If InStr(sTextAll, sNoString(i)) Then
        ' A dangerous string was found: delete the uploaded file and stop
        Set filedel = Server.CreateObject("Scripting.FileSystemObject")
        filedel.DeleteFile FilePath
        Set filedel = Nothing
        Response.Write("<script>alert('upload failed due to a problem with the file you uploaded'); window.close();</script>")
        Response.End()
    End If
Next
How to prevent Trojans from being uploaded
I have tested this code to block the upload of Trojan images.
<%
'******************************************************************
' The CheckFileType function checks whether a file is an image.
' The filename parameter is the local file path.
' If the file is a JPEG, GIF, BMP, or PNG image, the function
' returns True; otherwise it returns False.
'******************************************************************
Const adTypeBinary = 1
' Leading signature bytes for each image type (the GIF entry is "GIF89a")
Dim jpg(1): jpg(0) = CByte(&HFF): jpg(1) = CByte(&HD8)
Dim bmp(1): bmp(0) = CByte(&H42): bmp(1) = CByte(&H4D)
Dim png(3): png(0) = CByte(&H89): png(1) = CByte(&H50): png(2) = CByte(&H4E): png(3) = CByte(&H47)
Dim gif(5): gif(0) = CByte(&H47): gif(1) = CByte(&H49): gif(2) = CByte(&H46): gif(3) = CByte(&H39): gif(4) = CByte(&H38): gif(5) = CByte(&H61)

Response.Write CheckFileType(Server.MapPath("2.gif"))

Function CheckFileType(filename)
    On Error Resume Next
    CheckFileType = False
    Dim fstream, fileExt, stamp, i
    fileExt = LCase(Mid(filename, InStrRev(filename, ".") + 1))
    Set fstream = Server.CreateObject("ADODB.Stream")
    fstream.Open
    fstream.Type = adTypeBinary
    fstream.LoadFromFile filename
    fstream.Position = 0
    ' For each type, start from True and fail on the first mismatching byte,
    ' so that every signature byte must match (not only the last one).
    Select Case fileExt
        Case "jpg", "jpeg"
            stamp = fstream.Read(2)
            CheckFileType = True
            For i = 0 To 1
                If AscB(MidB(stamp, i + 1, 1)) <> jpg(i) Then CheckFileType = False
            Next
        Case "gif"
            stamp = fstream.Read(6)
            CheckFileType = True
            For i = 0 To 5
                If AscB(MidB(stamp, i + 1, 1)) <> gif(i) Then CheckFileType = False
            Next
        Case "png"
            stamp = fstream.Read(4)
            CheckFileType = True
            For i = 0 To 3
                If AscB(MidB(stamp, i + 1, 1)) <> png(i) Then CheckFileType = False
            Next
        Case "bmp"
            stamp = fstream.Read(2)
            CheckFileType = True
            For i = 0 To 1
                If AscB(MidB(stamp, i + 1, 1)) <> bmp(i) Then CheckFileType = False
            Next
    End Select
    fstream.Close
    Set fstream = Nothing
    ' Any error (missing file, file shorter than the signature) means rejection
    If Err.Number <> 0 Then CheckFileType = False
End Function
%>
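The signature check above only inspects the first few bytes, so a file can pass it and still carry script text further in. The added example below (Python rather than ASP so it runs offline; it is not the page's own code) chains the page's size check, an extension allow-list, the signature check and the dangerous-string scan. The function name check_upload, the GIF87a signature and the sample inputs are assumptions made for illustration.

```python
import os

# Leading-byte signatures from the page's CheckFileType.
# GIF87a is an added assumption; the page's code only lists GIF89a.
SIGNATURES = {
    "jpg": [b"\xff\xd8"], "jpeg": [b"\xff\xd8"],
    "gif": [b"GIF89a", b"GIF87a"],
    "png": [b"\x89PNG"],
    "bmp": [b"BM"],
}
# The page's dangerous-string list, matched case-insensitively on raw bytes.
BLOCKLIST = [s.encode() for s in (
    ".getfolder|.createfolder|.deletefolder|.createdirectory|"
    ".deletedirectory|.saveas|wscript.shell|script.encode|server.|"
    ".createobject|execute|activexobject|language=").split("|")]
MIN_SIZE = 10  # same threshold as the page's size check


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    if len(data) < MIN_SIZE:
        return False, "empty or too small"
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    # Compare the whole signature, not just its last byte.
    if not any(data.startswith(sig) for sig in SIGNATURES[ext]):
        return False, "signature does not match extension"
    lowered = data.lower()
    for token in BLOCKLIST:
        if token in lowered:
            return False, "dangerous string: " + token.decode()
    return True, "ok"


# Constructed sample inputs (not real files).
PAD = b"\x00" * 32
SAMPLES = {
    "photo.gif": b"GIF89a" + PAD,
    "page.asp": b"GIF89a" + PAD,
    "fake.png": b"GIF89a" + PAD,
    "mixed.gif": b"GIF89a" + PAD + b'Server.CreateObject("ADODB.Stream")',
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, check_upload(name, data))
```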