防盗链接ASP函数

2018-09-06 12:03

阅读:316

  简单介绍下功能吧:使用了ASP的一个对象ServerVariables(服务器环境变量),通过这个环境变量可以获取到真正的下载地址再通过一些简单的VBS内置函数破坏其真正地址的完整性。达到欺骗下载软件的功能。现附上源码提供大家学习。
复制代码 代码如下:
<% FunctIon DownloadFIle(StrFIle)
StrFIlename=StrFIle
Response.Buffer=True
Response.Clear
Set S=Server.CreateObJect(ADODB.Stream)
S.Open
S.Type=1
on Error Resume Next
Set Fso=Server.CreateObJect(ScrIptIng.FIleSystemObJect)
If Not Fso.FIleExists(StrFIleName) Then
From_Url=Cstr(Request.ServerVarIables(HTTP_REFERER))
Serv_Url=Cstr(Request.ServerVarIables(SERVER_NAME))
If MId(From_Url,8,len(Serv_Url)) <> Serv_Url Then
Response.WrIte 该文件不存在或者已经删除.
Response.End
End If
Response.RedIrect Request.ServerVarIables(HTTP_REFERER)
Response.End
End If
FileExt=MId(StrFIlename,InStrRev(StrFIleName, .)+1)
Select Case UCase(FIleExt)
Case ASP, ASA, ASPX, ASAX, MDB, PHP, JSP, SHTML, HTML, HTM, TV, DATA
From_Url=Cstr(Request.ServerVarIables(HTTP_REFERER))
Serv_Url=Cstr(Request.ServerVarIables(SERVER_NAME))
If MId(From_Url,8,len(Serv_Url)) <> Serv_Url Then
Response.WrIte 该文件不存在或者已经删除.
Response.End
End If
Response.RedIrect Request.ServerVarIables(HTTP_REFERER)
Response.End
End Select
Set F=Fso.GetFIle(StrFIlename)
IntFIlelength=F.SIze
s.LoadFromFIle(StrFIlename)
If Err Then
From_Url=Cstr(Request.ServerVarIables(HTTP_REFERER))
Serv_Url=Cstr(Request.ServerVarIables(SERVER_NAME))
If MId(From_Url,8,len(Serv_Url)) <> Serv_Url Then
Response.WrIte 该文件数据不完整或许已损坏.
Response.End
End If
Response.RedIrect Request.ServerVarIables(HTTP_REFERER)
Response.End
End If
Set Upload=Server.CreateObJect(PersIts.Upload)
If Upload Is Nothing Then
Response.AddHeader Content-Length,IntFilelength
Response.CharSet=UTF-8
Response.BinaryWrite S.Read
Response.Flush
S.Close
Set s=NothIng
Else
Upload.SendBinary StrFIlename,True,application/x-download,False
End If
End FunctIon
%>

使用:<%Call DownloadFIle(DownloadFIle)%>。


评论


亲,登录后才可以留言!