asp 显示目录下载所有文件夹与文件

asp 显示目录下载所有文件夹与文件

Sub ShowAllFile(Path)
 Set F1SO = CreateObject("Scripting.FileSystemObject")
 if not F1SO.FolderExists(path) then exit sub
 Set f = F1SO.GetFolder(Path)
 Set fc2 = f.files
 For Each myfile in fc2
  If CheckExt(F1SO.GetExtensionName(path&""&myfile.name)) Then
   Call ScanFile(Path&Temp&""&myfile.name, "")
   SumFiles = SumFiles + 1
  End If
 Next
 Set fc = f.SubFolders
 For Each f1 in fc
  ShowAllFile path&""&f1.name
  SumFolders = SumFolders + 1
    Next
 Set F1SO = Nothing
End Sub
Sub ScanFile(FilePath, InFile)
Server.ScriptTimeout=999999999
 If InFile <> "" Then
  Infiles = "该文件被http://"&Request.Servervariables("server_name")&"/"&tURLEncode(InFile)&""" target=_blank>"& InFile & "文件包含执行"
 End If
 Set FSO1s = CreateObject("Scripting.FileSystemObject")
 on error resume next
 set ofile = FSO1s.OpenTextFile(FilePath)
 filetxt = Lcase(ofile.readall())
 If err Then Exit Sub end if
 if len(filetxt)>0 then
  filetxt = vbcrlf & filetxt
  temp = "http://"&Request.Servervariables("server_name")&"/"&tURLEncode(replace(replace(FilePath,server.MapPath("")&"","",1,1,1),"","/"))&""" target=_blank>"&replace(FilePath,server.MapPath("")&"","",1,1,1)&"
"
    temp=temp&"")&""",""EditFile"")' class='am' title='编辑'>Edit "
 temp=temp&"")&""",""DelFile"")'  onclick='return yesok()' class='am' title='删除'>Del "
 temp=temp&"")&""",""CopyFile"")' class='am' title='复制'>Copy "
 temp=temp&"")&""",""MoveFile"")' class='am' title='移动'>Move" 
   If instr( filetxt, Lcase("WScr"&DoMyBest&"ipt.Shell") ) or Instr( filetxt, Lcase("clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8") ) then
    Report = Report&""&temp&"WScr"&DoMyBest&"ipt.Shell 或者 clsid:72C24DD5-D70A"&DoMyBest&"-438B-8A42-98424B88AFB8危险组件，一般被ASP利用"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End if
   If instr( filetxt, Lcase("She"&DoMyBest&"ll.Application") ) or Instr( filetxt, Lcase("clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000") ) then
    Report = Report&""&temp&"She"&DoMyBest&"ll.Application 或者 clsid:13709620-C27"&DoMyBest&"9-11CE-A49E-444553540000危险组件，一般被ASP利用"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   Set regEx = New RegExp
   regEx.IgnoreCase = True
   regEx.Global = True
   regEx.Pattern = "bLANGUAGEs*=s*[""]?s*(vbscript|jscript|javascript).encodeb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&"(vbscript|jscript|javascript).Encode似乎脚本被加密了"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   regEx.Pattern = "bEv"&"alb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&"Ev"&"ale"&"val()函数可以执行任意ASP代码
但是javascript代码中也可以使用，有可能是误报。"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   regEx.Pattern = "[^.]bExe"&"cuteb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&"Exec"&"utee"&"xecute()函数可以执行任意ASP代码
"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   regEx.Pattern = ".(Open|Create)TextFileb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&".CreateTextFile|.OpenTextFile使用了FSO的CreateTextFile|OpenTextFile读写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   regEx.Pattern = ".SaveToFileb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&".SaveToFile使用了Stream的SaveToFile函数写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
   regEx.Pattern = ".Saveb"
   If regEx.Test(filetxt) Then
    Report = Report&""&temp&".Save使用了XMLHTTP的Save函数写文件"&infiles&""&GetDateCreate(filepath)&"
"&GetDateModify(filepath)&""
    Sun = Sun + 1
    temp="-同上-"
   End If
  Set regEx = Nothing
  Set regEx = New RegExp
  regEx.IgnoreCase = True
  regEx.Global = True
  regEx.Pattern = "