asp上传过滤代码(强)
VBScript code
-----------------------------------------------------------------------------------------------------
set MyFile = server.CreateObject("Scripting.FileSystemObject")
set MyText = MyFile.OpenTextFile(Server.mappath(filename)) '读取文本文件
sTextAll = lcase(MyText.ReadAll())
MyText.close
set MyFile = nothing
sStr=".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|"
sStr=sStr&".saveas|wscript.shell|script.encode|server.|.createobject|execute|activexobject|language="
snum = split(sStr,"|")
for i=0 to ubound(snum)
if instr(sTextAll,snum(i)) then
set filedel = server.CreateObject("Scripting.FileSystemObject")
filedel.deletefile Server.mappath(filename)
set filedel = nothing
Response.Write("<script>alert('上传失败!你想传木马文件呀,我BS你');window.close();</script>")
Response.End()
end if
next
-----------------------------------------------------------------------------------------------------
ASP的这一段放在上传的代码里,含有非法的图片木马都上传不了,sStr=".getfolder|.createfolder|.deletefolder|.createdirectory|.deletedirectory|"
这里,可以任意加自己要过滤的东西。
转自:chinmo