
📄 asplist.asp

📁 通过使用Office的Access数据库与之关联
💻 ASP
<%@ LANGUAGE="VBSCRIPT"  codepage ="936" %>
<%
Option Explicit

' Access gate: the page produces no output unless Session("PassWord") holds a
' non-empty value. Only non-emptiness is tested here; the value is presumably
' set by a login page that is not part of this file (verify against the caller).
If Session("PassWord") = "" Then Response.End

' timer1 records the start time; timer2 and thetime are filled in at the bottom
' of the page to report how long the scan took.
Dim timer1, timer2, thetime, maxfilesize
timer1 = Timer

' Size threshold in bytes, compared against File.Size in checkfiles when all
' file types are scanned. 51200 bytes is 50 KB; the original note here read
' "500K" - NOTE(review): confirm which limit was intended.
maxfilesize = 51200

' Allow up to 1200 seconds for the scan.
Server.ScriptTimeout = 1200
'on error resume next
%>
<html>
<head>
<%
rem ====================================================
rem  红盟
rem  Version: 2.0

rem  Supports: http://www.redhacker.cn
rem ====================================================
%>
<style>
<!--
body{font-family: 宋体;   font-size: 10pt}
table{ font-family: 宋体; font-size: 9pt }
a{ font-family: 宋体; font-size: 9pt; color: #000000; text-decoration: none }
a:hover{ font-family: "宋体"; color: #333333; text-decoration: none }
input {	BORDER-RIGHT: #888888 1px solid; BORDER-TOP: #888888 1px solid; BACKGROUND: #ffffff; BORDER-LEFT: #888888 1px solid; BORDER-BOTTOM: #888888 1px solid; FONT-FAMILY: "Verdana", "Arial"font-color: #ffffff;FONT-SIZE: 9pt;
}
-->
</style>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>ASP木马追捕 - www.redhacker.cn</title>
</head>

<body>
ASP木马追捕 - www.redhacker.cn <a href="http://www.redhacker.cn">技术支持</a><br>
检查你的网站中是否含有可疑ASP程序<br>
<a style="cursor:hand" onClick="JavaScript:if (d.style.display=='none'){d.style.display='';}else {d.style.display='none';}">使用说明</a><br>
<div id=d style="display:none;border:1px ffcc99">FSO-FSO组件,具有远程删除新建修改文件(夹)的功能<br>
  流-Adodb.stream的调用,一般用于上传文件,如果单独调用stream也很危险<br>
  SHELL-SHELL组件调用<br>
  WS-&nbsp;WSCIPT组件调用<br>
  XML-xmlhttp<br>
  密-是否加过密,加密后的脚本文件将无法正确检查组件调用情况<br>
  其它-点击查看详细说明
</div>
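<%
' Request parsing for the scanner page.
'   chktype - comma-separated file extensions to scan, "*" (default) for all types
'   keyword - extra comma-separated search terms supplied by the operator
'   path    - folder to list and scan, defaults to the site root
' Page-level objects created here (Ofso, ofolder) and the variables
' filename, regex, Ofile, yes and no are shared with checkfiles/checkfolder.
dim chktype,url
dim yes,no
dim Ofso,Ofile,Ofolder,subfolder
dim filename,path,folder
dim regex,keyword
dim defaultkeywords

' Built-in search terms that are always part of the keyword list.
defaultkeywords = "execute request,execute session,eval("

chktype = Request.form("chktype")
if chktype = "" then chktype = Request.Querystring("chktype")
if chktype = "" then chktype = "*"

keyword = request.form("keyword")
if keyword = "" then keyword = request.querystring("keyword")

' The full list (defaults included) is echoed back in the form field and in url,
' so an incoming value usually starts with the defaults already. Strip them
' before re-adding, otherwise the list grows on every click.
do while left(keyword,len(defaultkeywords)) = defaultkeywords
	keyword = mid(keyword,len(defaultkeywords)+1)
	if left(keyword,1) = "," then keyword = mid(keyword,2)
loop

' Join defaults and operator terms with a comma. Without the separator the last
' default and the first operator term fuse into one term ("eval(" + "foo"), and
' neither of them is searched for on its own.
if keyword = "" then
	keyword = defaultkeywords
else
	keyword = defaultkeywords & "," & keyword
end if

' Cell markers for the result table: red tick = found, green dash = not found.
yes = "<font color=red>√</font>"
no ="<font color=green>-</font>"

set Ofso = Server.CreateObject("Scripting.FileSystemObject")

' NOTE(review): path comes straight from the request, so this page lists and reads
' any folder the web server account can reach; the Session check at the top of the
' page is the only access control. Consider confining path to the site root.
path = Request("path")
if len(path)=0 then path = Server.Mappath("\")
' GetFolder raises a run-time error for a folder that does not exist; fall back
' to the site root instead of aborting the page.
if not Ofso.FolderExists(path) then path = Server.Mappath("\")

' Base URL for every link and form on the page; both values are URL-encoded.
url = Request.Servervariables("Script_name")&"?chktype="&Server.Urlencode(chktype)&"&keyword="&Server.Urlencode(keyword)

set ofolder = Ofso.Getfolder(path)
%>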
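<%
' Filter forms and navigation links. path, chktype and keyword originate from the
' request, so each one is encoded for the context it is written into:
' Server.URLEncode inside URLs, Server.HTMLEncode inside attribute values and text.
' Written raw, a crafted value could close the attribute and inject markup.
%>
<table width="500" border="0" cellpadding="1" cellspacing="1" bordercolor="#009900" bgcolor="#666666">
  <form action="<%=url%>&path=<%=Server.URLEncode(path)%>" method="post">
    <tr bgcolor="#666666"> 
      <td height="20" colspan="3" bgcolor="#CCCCCC"><font color=#ffffff>检查的文件类型(用逗号隔开,默认检查所有类型[推荐]): </font>
        <input name="chktype" type="text" id="chktype" value="<%=Server.HTMLEncode(chktype)%>" size="10"> 
        <input type="submit"  value="确定"></td>
    </tr>
  </form> <form action="<%=url%>&path=<%=Server.URLEncode(path)%>" method="post">
    <tr bgcolor="#666666"> 
      <td height="20" colspan="3" bgcolor="#CCCCCC"><font color=#ffffff>增加搜索自定义关键字(用逗号隔开): </font>
        <input name="keyword" type="text" id="keyword" value="<%=Server.HTMLEncode(keyword)%>" size="20"> 
        <input type="submit"  value="确定"></td>
    </tr>
  </form>
  <tr bgcolor="#FFFFFF"> 
    <td height="1" colspan="3"></td>
  </tr><tr bgcolor="#FFFFFF"> 
    <td height="1" colspan="3">当前目录:<%=Server.HTMLEncode(path)%></td>
  </tr>
  <tr bgcolor="#FFFFFF"> 
    <td height="22" colspan="3"><a href="<%if not ofolder.IsRootFolder then response.write url&"&path="&Server.URLEncode(ofolder.ParentFolder.Path) else response.write url%>">■↑回上级目录</a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<a href="<%=url%>&path=<%=Server.URLEncode(path)%>&bian=bian">搜索本目录下所有文件</a></td>
  </tr>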
  <%
' One table row per sub-folder of the current folder; each row links back to this
' page with that sub-folder as the new path. The table opened above is closed here.
If ofolder.SubFolders.Count > 0 Then
	For Each subfolder In ofolder.SubFolders
		Response.Write "<tr bgcolor=#E8E8E8>" & _
			"<td height=20 colspan=3>" & _
			"<a href=" & url & "&path=" & Server.URLEncode(subfolder) & ">" & subfolder & "</a>" & _
			"</td></tr>"
	Next
End If
Response.Write "</table>"
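' Result table. It is rendered when the current folder holds files, and also
' whenever a recursive scan (bian=bian) was requested: a folder that contains
' only sub-folders must still have those sub-folders scanned.
if ofolder.files.count>0 or request("bian")="bian" then
%>
<table width="500" border="0" cellpadding="1" cellspacing="1" bgcolor="#666666">
  <tr bgcolor="#ffffff"> 
    <td height="20"><font color="">所在目录<%=Server.HTMLEncode(ofolder.Path)%></font></td>
    <td width="22" align="center"><font color="#990000">FSO</font></td>
    <td width="22" align="center"><font color="#990000">删</font></td>
    <td width="22" align="center"><font color="#990000">建</font></td>
    <td width="22" align="center"><font color="#990000">移</font></td>
    <td width="22" align="center"><font color="#990000">流</font></td>
    <td width="22" align="center"><font color="#990000">SHELL</font></td>
    <td width="22" align="center"><font color="#990000">WS</font></td>
    <td width="22" align="center"><font color="#990000">XML</font></td>
    <td width="22" align="center"><font color="#990000">密</font></td>
	<td width="22" align="center"><font color="#990000">其它</font></td>
  </tr>
  <%
' The files of the current folder are always scanned. checkfolder only walks the
' sub-folders, so in recursive mode it runs in addition to, not instead of, the
' scan of the folder itself; otherwise the top-level files would be left out.
checkfiles(path)
if request("bian")="bian" then
  	checkfolder(path)
end if
response.write "</table>" 
end if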
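sub checkfiles(curpath) 
	' Scans every file directly inside curpath and writes one table row per file.
	' Each row shows which components the file references (FileSystemObject and its
	' delete/create/move calls, ADODB.Stream, Shell.Application, WScript, XMLHTTP),
	' whether it is script-encoded, and an "other" cell whose click handler lists
	' further findings (dynamic CreateObject, <object classid>, keyword hits).
	' Files that fail the type/size filter get a "not checked" row.
	' Relies on the page-level variables Ofso, Ofile, filename, regEx, chktype,
	' keyword, maxfilesize, yes and no.
	' NOTE(review): the maxfilesize limit only applies when chktype is "*"; with an
	' explicit type list a file of any size is read into memory.
	dim ofolder
	dim fileext,fileallow,filetxt
	dim fso,del,create,mov,stream,shell,ws,xmlhttp,encode,other
	dim matches,match,alertstr
	dim i,keywordarr
	dim needle,shownkeyword
	
	'response.write curpath&"<br>"
	if not ofso.FolderExists(curpath) then exit sub
	set ofolder = Ofso.getfolder(curpath)
	
	for each filename in ofolder.files
		Set regEx = New RegExp 
		regEx.IgnoreCase = True 
		regEx.Global = True
		regEx.Pattern = "server.CreateObject\(.+?\)"
		fileallow = false
		alertstr =""
		fso = no:del = no:create = no:mov = no:stream = no:shell = no:ws=no:xmlhttp = no:encode=no:other=no
		if chktype="*" and filename.size<maxfilesize then 
			fileallow =true
		else
			fileext = lcase(right(filename,len(filename)-instrrev(filename,".")))
			' Compare in lower case on both sides so a type list typed as "ASP"
			' still selects .asp files.
			if instr(lcase(chktype),fileext)>0 then 
				fileallow = true
			end if
		end if
		if fileallow then
			set ofile = ofso.OpenTextFile(filename)
			' ReadAll raises "input past end of file" on a zero-byte file, which
			' would abort the whole scan; treat an empty file as empty text.
			if ofile.AtEndOfStream then
				filetxt = ""
			else
				' Normalise before matching: lower case, spaces and tabs removed,
				' and "+" string joins collapsed.
				filetxt = replace(replace(replace(lcase(ofile.readall())," ",""),vbTab,""),"""+""","")
			end if
			ofile.Close
			if instr(filetxt,"scripting.filesystemobject")>0 then fso = yes else fso = no
			if fso = yes then
				if instr(filetxt,"deletefolder")>0 or instr(filetxt,"delete")>0 then del =yes else del = no
				if instr(filetxt,"opentextfile")>0 or instr(filetxt,"createtextfile")>0 or instr(filetxt,"openastextstream")>0 then create =yes else create = no
				if instr(filetxt,"move")>0 then mov = yes else mov = no
			end if
			if instr(filetxt,"adodb.stream")>0 then stream = yes else stream = no
			if instr(filetxt,"shell.application")>0 then shell = yes else shell = no
			if instr(filetxt,"wscript")>0 then ws = yes else ws = no
			if instr(filetxt,"xmlhttp")>0 then xmlhttp =yes else xmlhttp = no
			if instr(filetxt,"vbscript.encode")> 0  or instr(filetxt,"javascript.encode")> 0 then encode = yes else encode = no
			Set matches = regEx.Execute(filetxt)
			For Each match in matches
				'response.write match.value&filename
				' Flag CreateObject calls whose argument is not a plain string literal:
				' either no double quote at all, or a concatenation. InStr never
				' returns a negative number, so the no-quote test has to be "= 0".
				if instr(match.value,chr(34))=0  or (instr(match.value,"server.createobject(")>0 and(instr(match.value,"&")>0 or instr(match.value,"+")>0 )) then 
					other =yes
					alertstr = alertstr&"利用变量创建对象,危险!可直接删除\n"
				end if
			next
			set matches = nothing
			regex.pattern = "<object.+?classid=.+?>"
			Set matches = regEx.Execute(filetxt)
			For Each match in matches
				other = yes
				alertstr = alertstr&"创建静态对象,危险!请检查代码后删除\n"
			next
			set matches = nothing
			keywordarr = split(keyword,",")
			for i = 0 to ubound(keywordarr)
				' filetxt has no spaces or tabs and is lower case, so the search term
				' must be normalised the same way; otherwise a term that contains a
				' space (such as the built-in "execute request") can never match.
				needle = replace(replace(lcase(keywordarr(i))," ",""),vbTab,"")
				' InStr reports a match at position 1 for an empty search string;
				' skip empty list entries instead of flagging every file.
				if len(needle)>0 then
					if instr(filetxt,needle)> 0  then 
						other = yes
						' The keyword is request-supplied and ends up inside a JavaScript
						' string literal: escape backslash and quote, drop line breaks.
						shownkeyword = replace(replace(keywordarr(i),"\","\\"),"'","\'")
						shownkeyword = replace(replace(shownkeyword,vbCr,""),vbLf,"")
						alertstr=alertstr&"发现关键字 "& shownkeyword &" \n"
					end if
				end if
			next
			filetxt = ""
			set ofile = nothing 
			if alertstr ="" then alertstr="其它类安全!"
			' The label reads "last updated", so show the modification time rather than
			' the creation time; the attribute is quoted because the date contains a space.
			response.write "<tr bgcolor=#E8E8E8 title=""最后更新日期:"&filename.datelastmodified&""">"
			response.write "<td height=20>"&Server.HTMLEncode(filename.Path)&"</td>"
			response.write "<td align=center>"& fso&"</td>"
			response.write "<td align=center>"& del&"</td>"
			response.write "<td align=center>"& create&"</td>"
			response.write "<td align=center>"& mov&"</td>"
			response.write "<td align=center>"& stream&"</td>"
			response.write "<td align=center>"& shell&"</td>"
			response.write "<td align=center>"& ws&"</td>"
			response.write "<td align=center>"& xmlhttp&"</td>"
    		response.write "<td align=center>"& encode&"</td>"
			' HTML-encode the handler text so a double quote in a keyword cannot end the
			' onclick attribute; the browser decodes it again before the script runs.
			response.write "<td align=center><a href=javascript:; onclick=""javascript:alert('"& Server.HTMLEncode(alertstr)&"')"">"&other&"</a></td>"
			response.write "</tr>"
		else
			response.write "<tr bgcolor=#E8E8E8 title=""最后更新日期:"&filename.datelastmodified&"""><td height=20>"&Server.HTMLEncode(filename.Path)&"</td><td colspan=10 align=center><font color=#ffcc00>未检查</font></td></tr>"
  		end if
		set regex = nothing
	next
	set ofolder = nothing
end sub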

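sub checkfolder(curpath)
	' Recursively scans the sub-folders of curpath: for each sub-folder it first
	' descends into that sub-folder's own children, then scans its files with
	' checkfiles. Files directly inside curpath are not scanned here.
	' NOTE(review): a sub-folder the web server account cannot open raises a
	' run-time error and stops the scan.
	'
	' The loop variable is declared locally. The page also declares a variable
	' named subfolder; sharing it across the recursion let the nested call
	' overwrite it, so the checkfiles call after the recursion no longer saw the
	' folder being iterated and that folder's files were missed.
	dim sfolder,subfolder
	'set fso = Server.CreateObject("scripting.filesystemobject")
	if not Ofso.FolderExists(curpath) then exit sub
	set sfolder = Ofso.getfolder(curpath)
	if sfolder.subfolders.count>0 then 
		for each subfolder in sfolder.subfolders
			' Pass the path string, not the Folder object, so the callee holds its own value.
			call checkfolder(subfolder.Path)
			checkfiles(subfolder.Path)
		next
	end if
	set sfolder = nothing
end sub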
'set ofolder = nothing
' The scan is finished: drop the page-level FileSystemObject reference.
Set Ofso = Nothing
%>
欢迎访问 【<a href="http://www.redhacker.cn">红客联盟</a>】<br>

<%
' Report how long the page took. Timer counts seconds since midnight; the
' difference to timer1 (taken at the top of the page) is converted to
' milliseconds and rounded to one decimal place.
timer2 = Timer
thetime = CStr(Int(((timer2 - timer1) * 10000) + 0.5) / 10)
Response.Write "<br>本页执行共用了" & thetime & "毫秒"
%>
</body>
</html>
