简单介绍下功能吧:使用了asp的一个对象servervariables(服务器环境变量),通过这个环境变量可以获取到真正的下载地址再通过一些简单的vbs内置函数破坏其真正地址的完整性。达到欺骗下载软件的功能。现附上源码提供大家学习。
<% function downloadfile(strfile)
strfilename=strfile
response.buffer=true
response.clear
set s=server.createobject("adodb.stream")
s.open
s.type=1
on error resume next
set fso=server.createobject("scripting.filesystemobject")
if not fso.fileexists(strfilename) then
from_url=cstr(request.servervariables("http_referer"))
serv_url=cstr(request.servervariables("server_name"))
if mid(from_url,8,len(serv_url)) <> serv_url then
response.write "该文件不存在或者已经删除."
response.end
end if
response.redirect request.servervariables("http_referer")
response.end
end if
fileext=mid(strfilename,instrrev(strfilename, ".")+1)
select case ucase(fileext)
case "asp", "asa", "aspx", "asax", "mdb", "php", "jsp", "shtml", "html", "htm", "tv", "data"
from_url=cstr(request.servervariables("http_referer"))
serv_url=cstr(request.servervariables("server_name"))
if mid(from_url,8,len(serv_url)) <> serv_url then
response.write "该文件不存在或者已经删除."
response.end
end if
response.redirect request.servervariables("http_referer")
response.end
end select
set f=fso.getfile(strfilename)
intfilelength=f.size
s.loadfromfile(strfilename)
if err then
from_url=cstr(request.servervariables("http_referer"))
serv_url=cstr(request.servervariables("server_name"))
if mid(from_url,8,len(serv_url)) <> serv_url then
response.write "该文件数据不完整或许已损坏."
response.end
end if
response.redirect request.servervariables("http_referer")
response.end
end if
set upload=server.createobject("persits.upload")
if upload is nothing then
response.addheader "content-disposition","attachment; filename="&f.name
response.addheader "content-length",intfilelength
response.charset="utf-8"
response.contenttype="application/x-download"
response.binarywrite s.read
response.flush
s.close
set s=nothing
else
upload.sendbinary strfilename,true,"application/x-download",false
end if
end function
%>
使用:<%call downloadfile("downloadfile")%>。
如对本文有疑问,
点击进行留言回复!!
我要评论
网友评论