How to fix upfile. asp upload vulnerability

Source: Internet
Author: User

Patch upfile. asp upload vulnerability
Functions related to ASP files. There are the following:
1. Get the file extension.
2. ASP File Upload Vulnerability Detection
3. format the size of the displayed file.
4. asp checks whether the uploaded image is a real image.
5. Upload File Extension Detection
6. Get the icon corresponding to the file
7. download files and other related functions

Program code:
<%
'*************************************** ****************
'Usage: get the file extension.
'Function name: GetFileExt (fileTrue)
'Parameter: sFileName file name
'Return value: returns the file extension.
'*************************************** ****************
Function GetFileExt (sFileName)
GetFileExt = UCase (Mid (sFileName, limit Rev (sFileName, ".") + 1) 'is attached below
End function

'*************************************** ****************
'Usage: ASP upload vulnerability prevention
'Function name: TrueStr (fileTrue)
'Parameter: sFileName file name
'Return value: True for valid files; otherwise, False is returned.
'*************************************** ****************
Function IsTrueFileName (sFileName)
Dim str_len, pos
Str_len = len (sFileName)
Pos = Instr (sFileName, chr (0 ))
If pos = 0 or pos = str_len then
IsTrueFileName = true
Else
IsTrueFileName = false
End If
End function

'*************************************** ****************
'Usage: checks whether the uploaded image files (jpeg, gif, bmp, and png) are actually images.
'Function name: TrueStr (fileTrue)
'Parameter: sFileName file name (the file name is the physical full path of the folder)
'Return value: True if it is an image file; otherwise, False is returned.
'*************************************** ****************
Function IsImgFile (sFileName)
Const adTypeBinary = 1
Dim return
Dim jpg (1): jpg (0) = CByte (& HFF): jpg (1) = CByte (& HD8)
Dim bmp (1): bmp (0) = CByte (& H42): bmp (1) = CByte (& H4D)
Dim png (3): png (0) = CByte (& H89): png (1) = CByte (& H50): png (2) = CByte (& H4E ): png (3) = CByte (& H47)
Dim gif (5): gif (0) = CByte (& H47): gif (1) = CByte (& H49): gif (2) = CByte (& H46 ): gif (3) = CByte (& H39): gif (4) = CByte (& H38): gif (5) = CByte (& H61)

On error resume next

Return = false
Dim fstream, fileExt, stamp, I
'Get the file suffix and convert it to lowercase
FileExt = LCase (GetFileExt (sFileName ))
'If the file suffix is jpg, jpeg, bmp, gif, or png
'Then the real image is judged
If strInString (FileExt, "jpg | jpeg | bmp | gif | png") = true then
Set fstream = Server. createobject ("ADODB. Stream ")
Fstream. Open
Fstream. Type = adTypeBinary
Fstream. LoadFromFile sFileName
Fstream. position = 0
Select case LCase (FileExt)
Case "jpg", "jpeg"
Stamp = fstream. read (2)
For I = 0 to 1
If ascB (MidB (stamp, I + 1, 1) = jpg (I) then return = true else return = false
Next
Case "gif"
Stamp = fstream. read (6)
For I = 0 to 5
If ascB (MidB (stamp, I + 1, 1) = gif (I) then return = true else return = false
Next
Case "png"
Stamp = fstream. read (4)
For I = 0 to 3
If ascB (MidB (stamp, I + 1, 1) = png (I) then return = true else return = false
Next
Case "bmp"
Stamp = fstream. read (2)
For I = 0 to 1
If ascB (MidB (stamp, I + 1, 1) = bmp (I) then return = true else return = false
Next
End select

Fstream. Close
Set fseteam = nothing
If err. number <> 0 then return = false
Else
Return = true
End If
IsImgFile = return
End function

'*************************************** ****************
'Usage: File Extension check
'Function name: CheckFileExt
'Parameter: Suffix of the sFileExt upload folder
'Strext specifies the suffix that allows or disables the upload of folders. multiple extensions are separated by '| '.
'Blnallow: whether to allow or disable the suffix specified in strExt upload
'Return value: True for valid files; otherwise, False is returned.
'*************************************** ****************
Function CheckFileExt (sFileExt, strExt, blnAllow)
Dim arrExt, return
'= List of files that cannot be uploaded
'Strext = "EXE | JS | BAT | HTML | HTM | COM | ASP | ASA | DLL | PHP | JSP | CGI"
SFileExt = UCase (sFileExt)
StrExt = UCase (strExt)
ArrExt = split (strExt, "| ")
If blnAllow = true then ', only the specified file can be uploaded.
Return = false
For I = 0 to UBound (arrExt)
If sFileExt = arrExt (I) then return = true
Next
'Response. write "Ext:" & sFileExt & "return:" & return &""
Else 'prohibit the upload of the specified file
Return = true
For I = 0 to UBound (arrExt)
If sFileExt = arrExt (I) then return = false
Next
End If
CheckFileExt = return
End Function

'*************************************** ****************
'For use: Format and display the file size
'Filesize: File Size
'*************************************** ****************
Function FormatSize (FileSize)
If FileSize <1024 then FormatSize = FileSize & "Byte"
If FileSize/1024 <1024 And FileSize/1024> 1 then
FileSize = file size/1024
FormatSize = round (FileSize * 100)/100 & "KB"
Elseif FileSize/(1024*1024)> 1 Then
FileSize = FileSize/(1024*1024)
FormatSize = round (FileSize * 100)/100 & "MB"
End If
End function

'*************************************** ****************
'Usage: Get the icon corresponding to the file
'Function name: FormatSize (FileSize)
'Parameter: FileName file name
'Return value: True for valid files; otherwise, False is returned.
'*************************************** ****************
Function GetFileIcon (FileName)
Dim FileExt, Fso1
FileExt = GetFileExt (FileName)
ImgPath = strAdminRoot & "Style/images/file/" & FileExt & pai.gif"
Set Fso1 = Server. CreateObject ("Scripting. FileSystemObject ")
If Fso1.fileExists (server. MapPath (ImgPath) = true then
GetFileIcon = "Else
GetFileIcon = "End If
Set Fso1 = nothing
End Function
'*************************************** ****************
 

'Purpose: download an object.
'Function name: DownFile (FileName)
'Filename'
'*************************************** ****************
Sub DownFile (FileName)
Fname = server. MapPath (fname)
Filename = split (fname ,"")

Set objAdoStream = Server. createObject ("ADODB. Stream ")
ObjAdoStream. Type = 1
ObjAdoStream. open ()
ObjAdoStream. LoadFromFile (fname)
Strchar = objAdoStream. Read ()
Fsize = objAdoStream. size
ObjAdoStream. Close ()
Set objAdoStream = nothing

Response. AddHeader "content-type", "application/x-msdownload"
Response. AddHeader "Content-Disposition", "attachment; filename =" & filename (ubound (filename ))
Response. AddHeader "content-length", fsize

Response. BinaryWrite (strchar)
Response. Flush ()
End Sub
%>
------------------------------------------
Appendix 1:
Mid Function
Returns Variant (String), which contains the specified number of characters in the String.
Syntax
Mid (string, start [, length])
Required parameter of start. Long. String. If start exceeds the string Character Count, Mid Returns a zero-length string ("").
Length is an optional parameter; it is Variant (Long ). The number of characters to return. If the value is omitted or the length exceeds the number of characters in the text (including the characters at the start), all characters from start to the end of the string are returned.
It may be that your start variable value is greater than the string length, leading to the return of an empty string, or the variable value is 0, leading to errors.
Appendix 2:
InstrRev usage

Description
Returns the position from the end of a string that appears in another string.
Syntax
Limit Rev (string1, string2 [, start [, compare])
The syntax of the limit rev function has the following parameters:
Parameter description
String1 is required. String expression to be searched.
String2 is required. String expression to be searched.
Start is optional. Value expression, used to set the start position of each search. If it is omitted, the default value is-1, indicating that the search starts from the position of the last character. If start contains Null, an error occurs.
Compare is optional. When calculating a substring, it indicates the value of the comparison type to be used. If omitted, binary comparison is executed. For values, see the "Settings" section.

Set
The compare parameter can have the following values:
Constant Value description
VbBinaryCompare 0 performs binary comparison.
VbTextCompare 1 performs text comparison.
VbDatabaseCompare 2 performs a comparison based on the information contained in the database (compare in this database.

Return Value
InStrRev returns the following values:
If limit rev returns
String1 0 length 0
String1 is Null
String2 zero-length start
String2 is Null
String2 does not find 0
Find string2 in string1 and find the position matching the string
Start> Len (str

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.