DV7.0SP2用的无具上传类upload.inc只是检查了扩展名
ASP文件造样可以上传
经过修正后的upload.inc，可以专么把文件打开检查
包括压缩后的代码,例如hack.asp→hack.gif→rar打包上传

以下是upload.inc源码： <% Dim oUpFileStream   '/------------------------------------            '/【上传类的主要成员和过程】   '/包括类的初始销毁和文件信息读取   '/------------------------------------   Class UpFile_Class  Public Form,File,Version,Err  Private CHK_FileType,CHK_MaxSize  '/------------------------------------  '/【特殊函数:类的初始化】  '/------------------------------------  Private Sub Class_Initialize   Version = "无惧上传类 Version V1.0"   Err = -1   CHK_FileType = ""   CHK_MaxSize = -1   Set Form = Server.CreateObject ("Scripting.Dictionary")   Set File = Server.CreateObject ("Scripting.Dictionary")   Set oUpFileStream = Server.CreateObject ("Adodb.Stream")   Form.CompareMode = 1   File.CompareMode = 1   oUpFileStream.Type = 1   oUpFileStream.Mode = 3   oUpFileStream.Open  End Sub  '/------------------------------------  '/【特殊函数:类的销毁】  '/微软在后续语言中抛弃了Let语句  '/------------------------------------  Private Sub Class_Terminate    Form.RemoveAll   Set Form = Nothing   File.RemoveAll   Set File = Nothing   oUpFileStream.Close   Set oUpFileStream = Nothing  End Sub  Public Property Get InceptFileType   InceptFileType = CHK_FileType  End Property  Public Property Let InceptFileType(Byval vType)   CHK_FileType = vType  End Property  Public Property Get MaxSize   MaxSize = CHK_MaxSize  End Property  Public Property Let MaxSize(vSize)   If IsNumeric(vSize) Then CHK_MaxSize = Int(vSize)  End Property  '/------------------------------------  '/【成员函数:GetDate()】  '/------------------------------------  Public Sub GetDate()     '定义变量    Dim RequestBinDate,sSpace,bCrLf,sInfo,iInfoEnd,tStream,iStart,oFileInfo    Dim sFormValue,sFileName,sFormName,RequestSize    Dim iFindStart,iFindEnd,iFormStart,iFormEnd,FileBlag     '代码开始    RequestSize = Int(Request.TotalBytes)    If  RequestSize < 1 Then   Err = 1   Exit Sub    End If    Set tStream = Server.CreateObject ("Adodb.Stream")    oUpFileStream.Write Request.BinaryRead (RequestSize)    oUpFileStream.Position = 0    RequestBinDate = oUpFileStream.Read    iFormEnd = oUpFileStream.Size       bCrLf = ChrB (13) & ChrB (10)    '取得每个项目之间的分隔符    sSpace = MidB (RequestBinDate,1, InStrB (1,RequestBinDate,bCrLf)-1)    iStart = LenB  (sSpace)    iFormStart = iStart+2    '分解项目    Do      iInfoEnd = InStrB (iFormStart,RequestBinDate,bCrLf & bCrLf)+3      tStream.Type = 1      tStream.Mode = 3      tStream.Open      oUpFileStream.Position = iFormStart      oUpFileStream.CopyTo tStream,iInfoEnd-iFormStart      tStream.Position = 0      tStream.Type = 2      tStream.CharSet = "gb2312"      sInfo = tStream.ReadText      '取得表单项目名称      iFormStart = InStrB (iInfoEnd,RequestBinDate,sSpace)-1      iFindStart = InStr(22,sInfo,"name=""",1)+6      iFindEnd = InStr(iFindStart,sInfo,"""",1)      sFormName = Mid(sinfo,iFindStart,iFindEnd-iFindStart)      '如果是文件   If InStr(45,sInfo,"filename=""",1) > 0 Then    Set oFileInfo = new FileInfo_Class    '取得文件属性    iFindStart = InStr(iFindEnd,sInfo,"filename=""",1)+10    iFindEnd = InStr(iFindStart,sInfo,"""",1)    sFileName = Mid(sinfo,iFindStart,iFindEnd-iFindStart)    oFileInfo.FileName = Mid(sFileName,InStrRev(sFileName, "/")+1)    oFileInfo.FilePath = Left(sFileName,InStrRev(sFileName, "/"))    oFileInfo.FileExt = Lcase(Mid(sFileName,InStrRev(sFileName, ".")+1))    iFindStart = InStr (iFindEnd,sInfo,"Content-Type: ",1)+14    iFindEnd = InStr (iFindStart,sInfo,vbCr)    oFileInfo.FileType = Ucase(Mid(sinfo,iFindStart,iFindEnd-iFindStart))    oFileInfo.FileStart = iInfoEnd    oFileInfo.FileSize = iFormStart -iInfoEnd -2    oFileInfo.FormName = sFormName    If Instr(oFileInfo.FileType,"IMAGE/") Or Instr(oFileInfo.FileType,"FLASH") Then     FileBlag = GetImageSize     oFileInfo.FileExt = FileBlag(0)     oFileInfo.FileWidth = FileBlag(1)     oFileInfo.FileHeight = FileBlag(2)     FileBlag = Empty    End If    If CHK_MaxSize > 0 Then     If oFileInfo.FileSize > CHK_MaxSize Then      Err = 2      Exit Sub     End If    End If    If CheckErr(oFileInfo.FileExt) = False Then Exit Sub    File.Add sFormName,oFileInfo   Else    '如果是表单项目    tStream.Close    tStream.Type = 1    tStream.Mode = 3    tStream.Open    oUpFileStream.Position = iInfoEnd    oUpFileStream.CopyTo tStream,iFormStart-iInfoEnd-2    tStream.Position = 0    tStream.Type = 2    tStream.CharSet = "gb2312"    sFormValue = tStream.ReadText    If Form.Exists (sFormName) Then _     Form (sFormName) = Form (sFormName) & ", " & sFormValue _    Else _     Form.Add sFormName,sFormValue   End If   tStream.Close   iFormStart = iFormStart+iStart+2    '如果到文件尾了就退出    Loop Until  (iFormStart+2) = iFormEnd    RequestBinDate = ""    Set tStream = Nothing  End Sub  '/------------------------------------  '/【成员函数:检查文件扩展名】  '/------------------------------------  Private Function CheckErr(Byval ChkExt)   CheckErr=False   If CHK_FileType = "" Then CheckErr=True : Exit Function   Dim ChkStr   ChkStr = ","&Lcase(CHK_FileType)&","   If Instr(ChkStr,","&ChkExt&",")>0 Then _    CheckErr=True _   Else _    Err = 3  End Function  '/------------------------------------  '/【成员函数:获得图像的宽和高】  '/------------------------------------  Private Function Bin2Str(Byval Bin)   Dim i, Str, Sclow   For i = 1 To LenB(Bin)    Sclow = MidB(Bin,i,1)    If ASCB(Sclow)<128 Then     Str = Str & Chr(ASCB(Sclow))    Else     i = i+1     If i <= LenB(Bin) Then Str = Str & Chr(ASCW(MidB(Bin,i,1)&Sclow))    End If   Next   Bin2Str = Str  End Function  Private Function Num2Str(Byval num,Byval Base,Byval Lens)   Dim ImageSize   ImageSize = ""   While(num>=Base)    ImageSize = (num mod Base) & ImageSize    num = (num - num mod Base)/Base   Wend   Num2Str = Right(String(Lens,"0") & num & ImageSize,Lens)  End Function  Private Function Str2Num(Byval str,Byval Base)   Dim ImageSize,i   ImageSize = 0   For i=1 To Len(str)    ImageSize = ImageSize *Base + Cint(Mid(str,i,1))   Next   Str2Num = ImageSize  End Function  Private Function BinVal(Byval bin)   Dim ImageSize,i   ImageSize = 0   For i = lenb(bin) To 1 Step -1    ImageSize = ImageSize *256 + ASCB(Midb(bin,i,1))   Next   BinVal = ImageSize  End Function  Private Function BinVal2(Byval bin)   Dim ImageSize,i   ImageSize = 0   For i = 1 To Lenb(bin)    ImageSize = ImageSize *256 + ASCB(Midb(bin,i,1))   Next   BinVal2 = ImageSize  End Function  '/------------------------------------  '/【成员函数:获得图片信息】  '/------------------------------------  Private Function GetImageSize()   Dim ImageSize(2),bFlag   bFlag = oUpFileStream.Read(3)   Select Case Hex(BinVal(bFlag))    Case "4E5089":     oUpFileStream.Read(15)     ImageSize(0) = "png"     ImageSize(1) = BinVal2(oUpFileStream.Read(2))     oUpFileStream.Read(2)     ImageSize(2) = BinVal2(oUpFileStream.Read(2))    Case "464947":     oUpFileStream.Read(3)     ImageSize(0) = "gif"     ImageSize(1) = BinVal(oUpFileStream.Read(2))     ImageSize(2) = BinVal(oUpFileStream.Read(2))    Case "535746":     Dim BinData,sConv,nBits     oUpFileStream.Read(5)     BinData = oUpFileStream.Read(1)     sConv = Num2Str(ASCB(BinData),2 ,8)     nBits = Str2Num(Left(sConv,5),2)     sConv = Mid(sConv,6)     While(Len(sConv)<nBits*4)      BinData = oUpFileStream.Read(1)      sConv = sConv&Num2Str(ASCB(BinData),2 ,8)     Wend     ImageSize(0) = "swf"     ImageSize(1) = Int(ABS(Str2Num(Mid(sConv,1*nBits+1,nBits),2)-Str2Num(Mid(sConv,0*nBits+1,nBits),2))/20)     ImageSize(2) = Int(ABS(Str2Num(Mid(sConv,3*nBits+1,nBits),2)-Str2Num(Mid(sConv,2*nBits+1,nBits),2))/20)    Case "535743":'flashmx     ImageSize(0) = "swf"     ImageSize(1) = 0     ImageSize(2) = 0    Case "FFD8FF":     Dim p1     Do      Do: p1 = BinVal(oUpFileStream.Read(1)): Loop While p1 = 255 And Not oUpFileStream.EOS      If p1>191 and p1<196 Then Exit Do Else oUpFileStream.Read(BinVal2(oUpFileStream.Read(2))-2)      Do:p1 = BinVal(oUpFileStream.Read(1)):Loop While p1<255 And Not oUpFileStream.EOS      Loop While True      oUpFileStream.Read(3)      ImageSize(0) = "jpg"      ImageSize(2) = BinVal2(oUpFileStream.Read(2))      ImageSize(1) = BinVal2(oUpFileStream.Read(2))    Case Else:     If Left(Bin2Str(bFlag),2) = "BM" Then      oUpFileStream.Read(15)      ImageSize(0) = "bmp"      ImageSize(1) = BinVal(oUpFileStream.Read(4))      ImageSize(2) = BinVal(oUpFileStream.Read(4))     Else      ImageSize(0) = "(UNKNOWN)"     End If   End Select   GetImagesize = ImageSize  End Function   End Class '/------------------------------------ '/【文件信息类】 '/包括文件数据的读取保存 '/------------------------------------   Class FileInfo_Class  Public FormName,FileName,FilePath,FileSize,FileType,FileStart,FileExt,FileWidth,FileHeight  Private Sub Class_Initialize   FileWidth=0   FileHeight=0  End Sub  '/------------------------------------  '/【检查文件内是否有恶意Tags】  '/------------------------------------  Public Function byte2asc(inbyte)  dim ThisCharCode,tmpreturn,NextCharCode,tmpvar  tmpreturn = ""  For tmpvar = 1 To LenB(inbyte)  ThisCharCode = AscB(MidB(inbyte,tmpvar,1))  If ThisCharCode < &H80 Then  tmpreturn = tmpreturn & Chr(ThisCharCode)  Else  NextCharCode = AscB(MidB(inbyte,tmpvar+1,1))  tmpreturn = tmpreturn & Chr (CLng(ThisCharCode) * &H100 + CInt(NextCharCode))  tmpvar = tmpvar + 1  End If  Next  byte2asc = tmpreturn  End Function  '/------------------------------------  '/【将文件数据保存到服务端】  '/------------------------------------  Public Sub SaveToFile (Byval Path)   Dim Ext,oFileStream   Ext = LCase(Mid(Path, InStrRev(Path, ".") + 1))   If Ext <> FileExt Then Exit Sub   On Error Resume Next   if instr(byte2asc(FileData),chr(60)&chr(37)) > 0 or instr(byte2asc(FileData),chr(37)&chr(62)) > 0 then   response.write("您上传的文件中包含不安全的代码,抱歉!<a href='javascript:history.go(-1)'>&nbsp;&nbsp;←返回</a>")   response.end   Exit Sub   End if    Set oFileStream = CreateObject ("Adodb.Stream")   oFileStream.Type = 1   oFileStream.Mode = 3   oFileStream.Open   oUpFileStream.Position = FileStart   oUpFileStream.CopyTo oFileStream,FileSize   oFileStream.SaveToFile Path,2   oFileStream.Close   Set oFileStream = Nothing  End Sub  '/------------------------------------  '/【取得上传的文件数据】  '/------------------------------------  Public Function FileData   oUpFileStream.Position = FileStart   FileData = oUpFileStream.Read (FileSize)  End Function   End Class %>

这样免得ASP文件进入服务器
----------------------------------------------------------------------------
    :点这里下载

下载后直接覆盖掉根目录upload.inc的那个就可以了