A commonly heard ASP upload vulnerability is that Trojan files are uploaded with their suffix changed to an image suffix (.jpg, .gif and so on), so that a check of the file name alone lets them through.
The following function identifies this situation by examining the file's leading bytes (its magic number) instead of its name:
<%
'*****************************************************************
' CheckFileType checks whether a file is really an image file.
' The parameter filename is the physical path of the file on the server.
' Returns true if the file is a jpeg, gif, bmp or png, judged by its
' leading bytes rather than by its extension; otherwise returns false.
'*****************************************************************
const adTypeBinary=1
' Expected leading bytes (magic numbers) of each supported image type
dim jpg(1):jpg(0)=CByte(&HFF):jpg(1)=CByte(&HD8)
dim bmp(1):bmp(0)=CByte(&H42):bmp(1)=CByte(&H4D)
dim png(3):png(0)=CByte(&H89):png(1)=CByte(&H50):png(2)=CByte(&H4E):png(3)=CByte(&H47)
dim gif(5):gif(0)=CByte(&H47):gif(1)=CByte(&H49):gif(2)=CByte(&H46):gif(3)=CByte(&H39):gif(4)=CByte(&H38):gif(5)=CByte(&H61)
function CheckFileType(filename)
on error resume next
CheckFileType=false
dim fstream,fileExt,stamp,i
' Extension after the last dot, lower-cased so that .JPG and .jpg are treated alike
fileExt=lcase(mid(filename,InStrRev(filename,".")+1))
set fstream=Server.CreateObject("ADODB.Stream")
fstream.Open
fstream.Type=adTypeBinary
fstream.LoadFromFile filename
fstream.Position=0
' For each type, read as many bytes as the magic number has and require every
' one of them to match; a single mismatching byte rejects the file.
select case fileExt
case "jpg","jpeg"
stamp=fstream.Read(2)
CheckFileType=true
for i=0 to 1
if AscB(MidB(stamp,i+1,1))<>jpg(i) then CheckFileType=false
next
case "gif"
stamp=fstream.Read(6)
CheckFileType=true
for i=0 to 5
if AscB(MidB(stamp,i+1,1))<>gif(i) then CheckFileType=false
next
case "png"
stamp=fstream.Read(4)
CheckFileType=true
for i=0 to 3
if AscB(MidB(stamp,i+1,1))<>png(i) then CheckFileType=false
next
case "bmp"
stamp=fstream.Read(2)
CheckFileType=true
for i=0 to 1
if AscB(MidB(stamp,i+1,1))<>bmp(i) then CheckFileType=false
next
end select
fstream.Close
set fstream=nothing
' Any error while opening or reading (missing file, short file) counts as a failed check
if err.number<>0 then CheckFileType=false
end function
%>
Then, when applying it:
CheckFileType(Server.MapPath("cnbruce.jpg"))
or
CheckFileType("F:/web/164/images/cnbruce.jpg")
Either way, the function reads the file at a local physical path, verifies its image type from its contents and returns true or false.
This situation therefore applies to image uploads. The current method is to allow the supposed image file to be uploaded first, then use the custom function above to determine whether the saved file actually matches an image format. If it is a Trojan disguised as an image file, it is deleted with FSO, for example:
file.SaveAs Server.MapPath(filename) 'Save the file
If not CheckFileType(Server.MapPath(filename)) then
response.write "wrong image format"
Set fso = CreateObject("Scripting.FileSystemObject")
Set ficn = fso.GetFile(Server.MapPath(filename))
ficn.Delete 'Remove the file whose contents do not match its image extension
set ficn=nothing
set fso=nothing
response.end
end if
So the file is saved first, the custom function immediately checks that its contents agree with its image extension, and FSO deletes it when they do not. Note that the file exists on disk between SaveAs and Delete, so the upload directory should not be one from which the server will execute scripts.
The ASP upload vulnerability also manipulates the file path with a null byte (chr(0), often written \0) embedded in the file name.
For this situation, the following function can be used:
' TrueStr returns false when a chr(0) appears in fileTrue anywhere except
' as its final character, and true otherwise.
function TrueStr(fileTrue)
dim str_len,pos
str_len=len(fileTrue)
pos=Instr(fileTrue,chr(0)) 'position of the first null byte, 0 if none
if pos=0 or pos=str_len then
TrueStr=true
else
TrueStr=false
end if
end function
Then the check is made before the file is saved:
<%
if TrueStr(filename)=false then
response.write "illegal file"
response.end
end if
file.SaveAs Server.MapPath(filename)
%>
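Both checks above (the magic-number check and the null-byte check on the file name), ported to Python as an added example that is not code from the original page, so that they can be run against constructed inputs: the content check compares every byte of the magic number, and the name check keeps the page's rule of tolerating a chr(0) only as the final character. File names, sample bytes and function names are assumptions.

```python
# Constructed sample inputs; the file names and bytes are made up for this example.
MAGIC = {               # same leading bytes as the ASP CheckFileType table
    "jpg":  b"\xff\xd8",
    "jpeg": b"\xff\xd8",
    "gif":  b"GIF89a",
    "png":  b"\x89PNG",
    "bmp":  b"BM",
}

def true_str(filename):
    """Port of TrueStr: a chr(0) is tolerated only as the last character."""
    pos = filename.find("\x00")
    return pos == -1 or pos == len(filename) - 1

def check_file_type(filename, data):
    """Port of CheckFileType: the extension must name a known image type and
    every byte of that type's magic number must match the start of the file."""
    if "." not in filename:
        return False
    magic = MAGIC.get(filename.rsplit(".", 1)[1].lower())
    if magic is None:
        return False
    # A file shorter than the magic number yields a shorter slice and fails too.
    return data[:len(magic)] == magic

def validate_upload(filename, data):
    """Apply both checks in the page's order: file name first, contents second."""
    if not true_str(filename):
        return (False, "illegal file")
    if not check_file_type(filename, data):
        return (False, "wrong image format")
    return (True, "ok")

# Constructed samples: a real PNG signature, an ASP script renamed to .jpg, and a
# file whose first magic byte is wrong (caught only if every byte is compared).
PNG_HEAD = b"\x89PNG\r\n\x1a\n" + bytes(16)
SCRIPT_AS_IMAGE = b"<% Response.Write(\"not an image\") %>"
BAD_FIRST_BYTE = b"\x00\xd8\xff\xe0JFIF"

if __name__ == "__main__":
    for name, data in [("cnbruce.png", PNG_HEAD),
                       ("cnbruce.jpg", SCRIPT_AS_IMAGE),
                       ("cnbruce.jpg", BAD_FIRST_BYTE),
                       ("page.asp\x00.jpg", PNG_HEAD)]:
        print(repr(name), validate_upload(name, data))
```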