Home>Network programming tutorial>ASP tutorial

Asp Prevent uploading of pictures Trojans from Trojans

Author:Eve Cole Update Time:2025-02-23 14:16:02

Sometimes when uploading Trojans through programs, they are usually disguised as pictures. The following is the code for detecting pictures of Trojans under Asp. Friends who need it can refer to it.

First, determine the file size:

  1. iffile.filesize<10then
  2. Response.Write(<script>alert('You did not choose to upload file')</script>)
  3. Response.Write(<script>history.go(-1)</script>)
  4. Response.End()
  5. endif

After uploading the file to the server, determine the dangerous operation characters in the user's file:

  1. setMyFile=server.CreateObject(Scripting.FileSystemObject)
  2. setMyText=MyFile.OpenTextFile(FilePath,1)'Read text file
  3. sTextAll=lcase(MyText.ReadAll)
  4. MyText.close
  5. setMyFile=nothing
  6. sStr=.getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|.saveas
  7. |wscript.shell|script.encode|server.|.createobject|execute|activexobject|language=
  8. sNoString=split(sStr,|)
  9. fori=0toubund(sNoString)
  10. ifinstr(sTextAll,sNoString(i))then
  11. setfiledel=server.CreateObject(Scripting.FileSystemObject)
  12. filedel.deletefileFilePath
  13. setfiledel=nothing
  14. Response.Write(<script>alert('There is a problem with the file you uploaded, the upload failed');window.close();</script>)
  15. Response.End()
  16. endif
  17. next

How to prevent Trojan sex pictures from uploading

I've checked this code without any problem, it can block the upload of Trojan pictures

  1. <%
  2. '****************************************************** ***************
  3. 'CheckFileType function is used to check whether the file is an image file
  4. 'The parameter filename is the path to the local file
  5. 'If it is a file jpeg, gif, bmp, png picture, the function returns true, otherwise it returns false
  6. '****************************************************** ***************
  8. constadTypeBinary=1
  10. dimjpg(1):jpg(0)=CByte(&HFF):jpg(1)=CByte(&HD8)
  11. dimbmp(1):bmp(0)=CByte(&H42):bmp(1)=CByte(&H4D)
  12. dimpng(3):png(0)=CByte(&H89):png(1)=CByte(&H50):png(2)=CByte(&H4E):png(3)=CByte(&H47)
  13. dimgif(5):gif(0)=CByte(&H47):gif(1)=CByte(&H49):gif(2)=CByte(&H46):gif(3)=CByte(&H39):gif(4)= CByte(&H38):gif(5)=CByte(&H61)
  14. Response.WriteCheckFileType(Server.MapPath(2.gif))
  16. functionCheckFileType(filename)
  17. onerrorresumenext
  18. CheckFileType=false
  19. dimfstream,fileExt,stamp,i
  20. fileExt=mid(filename,InStrRev(filename,.)+1)
  21. setfstream=Server.createobject(ADODB.Stream)
  22. fstream.Open
  23. fstream.Type=adTypeBinary
  24. fstream.LoadFromFilefilename
  25. fstream.position=0
  26. selectcasefileExt
  27. casejpg,jpeg
  28. stamp=fstream.read(2)
  29. fori=0to1
  30. ifacB(MidB(stamp,i+1,1))=jpg(i)thenCheckFileType=trueelseCheckFileType=false
  31. next
  32. casegif
  33. stamp=fstream.read(6)
  34. fori=0to5
  35. ifacB(MidB(stamp,i+1,1))=gif(i)thenCheckFileType=trueelseCheckFileType=false
  36. next
  37. casepng
  38. stamp=fstream.read(4)
  39. fori=0to3
  40. ifacB(MidB(stamp,i+1,1))=png(i)thenCheckFileType=trueelseCheckFileType=false
  41. next
  42. casebmp
  43. stamp=fstream.read(2)
  44. fori=0to1
  45. ifacB(MidB(stamp,i+1,1))=bmp(i)thenCheckFileType=trueelseCheckFileType=false
  46. next
  47. endselect
  48. fstream.Close
  49. setfsetem=nothing
  50. iferr.number<>0thenCheckFileType=false
  51. endfunction
  52. %>

The above is the analysis of the principle of Trojans preventing uploading pictures from Asp. I hope it will be helpful to everyone's learning.

Related Articles