论坛: 网站建设 标题: 大家帮我看下这段代码,有没有病毒,如果有请指出怎么修改! 复制本贴地址    
作者: joy1984 [joy1984]    论坛用户   登录
<%
Function GetPageContent(Url)
Dim HTTPObj
On Error Resume Next
Set HTTPObj = Server.CreateObject("Microsoft.XMLHTTP")
With HTTPObj
.Open "Get", Url, False, "", ""
.Send
End With
if HTTPObj.Readystate <> 4 then
Set HTTPObj = Nothing
GetPageContent = False
Exit Function
end if
GetPageContent = ResponseStrToStr(HTTPObj.ResponseBody)
Set HTTPObj = Nothing
End Function

Function ResponseStrToStr(BodyStr)
Dim ADOStreamObj
Set ADOStreamObj = Server.CreateObject("ADODB.Stream")
ADOStreamObj.Type = 1
ADOStreamObj.Mode = 3
ADOStreamObj.Open
ADOStreamObj.Write BodyStr
ADOStreamObj.Position = 0
ADOStreamObj.Type = 2
ADOStreamObj.Charset = "GB2312"
ResponseStrToStr = ADOStreamObj.ReadText
ADOStreamObj.Close
Set ADOStreamObj = Nothing
End Function

Function GetContent(Str,StartStr,LastStr,Flag)
Dim SearchIndex
On Error Resume Next
if Instr(LCase(Str),LCase(StartStr)) > 0 then
Select Case Flag
Case 0
GetContent = Right(Str,Len(Str) - Instr(LCase(Str),LCase(StartStr)) - Len(StartStr) + 1)
SearchIndex = Instr(LCase(GetContent),LCase(LastStr))
if SearchIndex <= 0 then
GetContent = ""
else
GetContent = Left(GetContent,SearchIndex - 1)
end if
Case 1
GetContent = Right(Str,Len(Str) - Instr(LCase(Str),LCase(StartStr)) + 1)
GetContent = Left(GetContent,Instr(LCase(GetContent),LCase(LastStr)) + Len(LastStr) - 1)
Case 2
GetContent = Right(Str,Len(Str) - Instr(lcase(Str),LCase(StartStr))-Len(StartStr) + 1)
Case else
GetContent = ""
End Select
else
GetContent = ""
end if
if Err.Number <> 0 then GetContent = ""
End Function

Function LoseHtml(ContentStr)
Dim ClsTempLoseStr,regEx
ClsTempLoseStr = Cstr(ContentStr)
Set regEx = New RegExp
regEx.Pattern = "<\/*[^<>]*>"
regEx.IgnoreCase = True
regEx.Global = True
ClsTempLoseStr = regEx.Replace(ClsTempLoseStr,"")
Set regEx = Nothing
LoseHtml = ClsTempLoseStr
End function

Function ReplaceRemoteUrl(NewsContent,SaveFilePath)
Dim re,RemoteFile,RemoteFileurl,SaveFileName,FileName,FileExtName
Set re = New RegExp
re.IgnoreCase = True
re.Global=True
're.Pattern = "<img\/*[^<>]*>"
re.Pattern = "((http|https|ftp|rtsp|mms):(\/\/|\\\\){1}((\w)+[.]){1,}(net|com|cn|org|cc|tv|[0-9]{1,3})(\S*\/)((\S)+[.]{1}(gif|jpg|png|bmp)))"
Set RemoteFile = re.Execute(NewsContent)
Set re = Nothing
For Each RemoteFileurl in RemoteFile
SaveFileName = Mid(RemoteFileurl,InstrRev(RemoteFileurl,"/")+1)
FileExtName = Mid(SaveFileName,InstrRev(SaveFileName,".")+1)
Call SaveRemoteFile(SaveImagePath & "/" & SaveFileName,RemoteFileurl)
NewsContent = Replace(NewsContent,RemoteFileurl,SaveImagePath & "/" & SaveFileName)
Next
ReplaceRemoteUrl = NewsContent
End Function

Sub SaveRemoteFile(LocalFileName,RemoteFileUrl)
Dim StreamObj,Retrieval,GetRemoteData
Set Retrieval = Server.CreateObject("Microsoft.XMLHTTP")
With Retrieval
.Open "Get", RemoteFileUrl, False, "", ""
.Send
GetRemoteData = .ResponseBody
End With
Set Retrieval = Nothing
Set StreamObj = Server.CreateObject("Adodb.Stream")
With StreamObj
.Type = 1
.Open
.Write GetRemoteData
.SaveToFile Server.MapPath(LocalFileName),2
.Cancel()
.Close()
End With
Set StreamObj = Nothing
End Sub

Function GetRandomID18()
Dim TempYear,TempMonth,TempDay,TempHour,TempMinute,TempSecond,RandomFigure
Dim TempStr,NowTime
NowTime = Now()
TempYear =  Right(CStr(Year(NowTime)),2)
TempMonth =  CStr(Month(NowTime))
if Len(TempMonth) = 1 then
TempHour = "0" & TempMonth
end if
TempDay =  CStr(Day(NowTime))
if Len(TempDay) = 1 then
TempHour = "0" & TempDay
end if
TempSecond = CStr(Second(NowTime))
if Len(TempSecond) = 1 then
TempSecond = "0" & TempSecond
end if
Randomize
RandomFigure = CStr(Int((99999 * Rnd) + 1))
GetRandomID18 = TempYear & TempMonth & TempDay & TempHour & TempMinute & TempSecond & RandomFigure
End Function

Function FormatUrl(NewsLinkStr,SiteUrl)
NewsLinkStr = Replace(Replace(NewsLinkStr,"'",""),"""","")
if InStr(NewsLinkStr,"http://") = 0 then
if InStrRev(NewsLinkStr,"..") = 0 then
FormatUrl = SiteUrl & NewsLinkStr
else
FormatUrl = SiteUrl & Mid(NewsLinkStr,InStrRev(NewsLinkStr,"..")+2)
end if
else
FormatUrl = NewsLinkStr
end if
End Function
%>

地主 发表时间: 06-02-08 17:16

回复: Sly [sly]   论坛用户   登录
我靠,你这个东西打开就开始下载一个木马,并试图执行!!!

B1层 发表时间: 06-02-10 11:02

回复: joy1984 [joy1984]   论坛用户   登录
说的详细点啊,是哪一段,怎么修改?

B2层 发表时间: 06-02-10 13:35

回复: NetDemon [netdemon]   ADMIN   登录
你要修改啥????!!!

B3层 发表时间: 06-02-11 06:36

回复: joy1984 [joy1984]   论坛用户   登录
老大,说是有病毒,我又看不出来那段是病毒,提示是 VBS 的!

B4层 发表时间: 06-02-11 15:51

回复: lwei889 [lwei889]   论坛用户   登录
这不是远程采集的代码吗?
新闻小偷经常用的哦!!
病毒没看出来

B5层 发表时间: 06-04-04 18:15

回复: ipc2000 [ipc2000]   论坛用户   登录
应该是刚刚用XML建立链接后就开始获取网址,打开并隐藏掉.
在程序代码开始的位置就写了说明。后面只是详细的列出来让这个程序怎么运行而以。

B6层 发表时间: 06-04-19 09:28

论坛: 网站建设

20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon

粤ICP备05087286号