• λ我爱Aspx >> Asp.Net >> 八大法则防范ASP网站漏洞

    • 八大法则防范ASP网站漏洞

  • :未知  Դ:internet  :2007-5-20 16:41:59  ؼ:asp

  • CheckFileExt=true

    exit Function

    else

    CheckFileExt=false

    end if

    next

    End Function

    ‘验证文件内容的合法性

    set MyFile = server.CreateObject ("Scripting.FileSystemObject")

    set MyText = MyFile.OpenTextFile (sFile, 1) ’ 读取文本文件

    sTextAll = lcase(MyText.ReadAll): MyText.close

    ’判断用户文件中的危险操作

    sStr ="8 .getfolder .createfolder .deletefolder .createdirectory

    .deletedirectory"

    sStr = sStr & " .saveas wscript.shell script.encode"

    sNoString = split(sStr," ")

    for i = 1 to sNoString(0)

    if instr(sTextAll, sNoString(i)) <> 0 then

    sFile = Upl.Path & sFileSave: fs.DeleteFile sFile

    Response.write "<center><br><big>"& sFileSave &"文件中含有与操作目录等有关的命令"&_

    "<br><font color=red>"& mid(sNoString(i),2) &"</font>,

    Ҷƪл˵?
    第一页上一页12345678下一页尾页
  • һƪ最好的在线配色器
    һƪAsp.net中处理共享Session的问题