我下了个程序非常喜欢..所有文件都上传到空间上了,就惟独有个CONN.ASP的文件传不了..有人说里面含有恶意代码..所以想发代码上来,让高手们看看能不能解决!

<!--#include file="Const.Asp"-->
<%
'*******************************************************
' Alexa SysTem V1.1
'
'作者:RichWong , 浩Kevel
'网站:Alexa.91xz.Net Alexa.6EP.Com
'联系:Richwong-QQ:1552965 浩Kevel-QQ:776953
'
'本系统由以上作者合作开发,共同拥有版权.未经作者同意严禁
'传播,销售本系统,否则本作者保留诉讼之权利.
'*******************************************************
%>
<%
Dim Database,ConnStr

Database = "/alexa_system.mdb"
ConnStr = "Provider = Microsoft.Jet.OLEDB.4.0;Data Source = " & Server.MapPath(Database)
On Error Resume Next
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open ConnStr
If Err Then
err.Clear
Set DvConn = Nothing
Response.Write "数据库连接出错，请检查连接字串。"
Response.End
End If

Function Req(value)
Dim ParaValue
ParaValue = Trim(Request(value))
If IsNumeric(ParaValue) = True Then
Req = ParaValue
Exit Function
ElseIf InStr(LCase(ParaValue), "select ") > 0 Or InStr(LCase(ParaValue), "insert ") > 0 Or InStr(LCase(ParaValue), "delete from") > 0 Or InStr(LCase(ParaValue), "count(") > 0 Or InStr(LCase(ParaValue), "drop table") > 0 Or InStr(LCase(ParaValue), "update ") > 0 Or InStr(LCase(ParaValue), "truncate ") > 0 Or InStr(LCase(ParaValue), "asc(") > 0 Or InStr(LCase(ParaValue), "mid(") > 0 Or InStr(LCase(ParaValue), "char(") > 0 Or InStr(LCase(ParaValue), "xp_cmdshell") > 0 Or InStr(LCase(ParaValue), "exec master") > 0 Or InStr(LCase(ParaValue), "net localgroup administrators") > 0 Or InStr(LCase(ParaValue), " and ") > 0 Or InStr(LCase(ParaValue), "net user") > 0 Or InStr(LCase(ParaValue), " or ") > 0 Or InStr(LCase(ParaValue), "'") > 0 Or InStr(LCase(ParaValue), "''") > 0 Then
Response.Redirect "/nopage.html"
Else
Req = ParaValue
End If
End Function
Function Msgs(Txt,Url)
Response.Write "<script>alert('" & Txt & "');location.href='" & Url & "';</script>"
Response.End
End Function

Function DisRndRecord(DisNum,rsBound)
DIM i,ThisRnd
If rsBound < DisNum Then DisNum = rsBound
For i = 0 To DisNum - 1
ThisRnd = GetRnd(rsBound)
rs.Move(ThisRnd)
DisRndRecord = Replace(RS("UserUrl"),vbCrLf,"<br>")&"?"&Rs("ID")
rs.Move(-ThisRnd)
Next
End Function
Function GetRnd(bound)
DIM ranNum
Randomize()
ranNum=int(bound*rnd)
If Instr(Appeared,"["&ranNum&"]") Then
ranNum = getRnd(bound)
End If
Appeared = Appeared & "["&ranNum&"]"
GetRnd = ranNum
End Function
%>

ElseIf InStr(LCase(ParaValue), "select ") > 0 Or InStr(LCase(ParaValue), "insert ") > 0 Or InStr(LCase(ParaValue), "delete from") > 0 Or InStr(LCase(ParaValue), "count(") > 0 Or InStr(LCase(ParaValue), "drop table") > 0 Or InStr(LCase(ParaValue), "update ") > 0 Or InStr(LCase(ParaValue), "truncate ") > 0 Or InStr(LCase(ParaValue), "asc(") > 0 Or InStr(LCase(ParaValue), "mid(") > 0 Or InStr(LCase(ParaValue), "char(") > 0 Or InStr(LCase(ParaValue), "xp_cmdshell") > 0 Or InStr(LCase(ParaValue), "exec master") > 0 Or InStr(LCase(ParaValue), "net localgroup administrators") > 0 Or InStr(LCase(ParaValue), " and ") > 0 Or InStr(LCase(ParaValue), "net user") > 0 Or InStr(LCase(ParaValue), " or ") > 0 Or InStr(LCase(ParaValue), "'") > 0 Or InStr(LCase(ParaValue), "''") > 0 Then
Response.Redirect "/nopage.html"
这一大堆看来是在过滤，过滤什么呢，关键问题之一。

xp_cmdshell

net localgroup administrators

net user

过滤SQL语句的应没有问题，上面这几个（大概看了一下，自已再看看有没有别的），涉及到系统

权限问题，把这几个删掉，或还有别的，应该可解决问题的

有些文件是因为涉及到系统权限问题,所以被认为是恶意文件才会传不上的