diff --git a/DSWeb/Areas/Account/Controllers/Chfee_bankdataController.cs b/DSWeb/Areas/Account/Controllers/Chfee_bankdataController.cs index e9626ca9..4c8f20f2 100644 --- a/DSWeb/Areas/Account/Controllers/Chfee_bankdataController.cs +++ b/DSWeb/Areas/Account/Controllers/Chfee_bankdataController.cs @@ -325,6 +325,13 @@ namespace DSWeb.Areas.Account.Controllers jsonRespose.Message = "上传文件发生未知错误,请重新上传"; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } + String fileExt = Path.GetExtension(file.FileName).ToLower(); + if (fileExt == ".asp" || fileExt == ".aspx") + { + jsonRespose.Success = false; + jsonRespose.Message = "不允许上传ASP或ASPX文件"; + return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; + } var path = Server.MapPath("../../UploadFiles/ImpBsExcel"); diff --git a/DSWeb/Areas/Account/Controllers/Chfee_payapplicationController.cs b/DSWeb/Areas/Account/Controllers/Chfee_payapplicationController.cs index cc2b2fbb..260d15ea 100644 --- a/DSWeb/Areas/Account/Controllers/Chfee_payapplicationController.cs +++ b/DSWeb/Areas/Account/Controllers/Chfee_payapplicationController.cs @@ -1524,6 +1524,14 @@ namespace DSWeb.Areas.Account.Controllers } string fileOriginalName = Path.GetFileNameWithoutExtension(imgFile.FileName); String fileExt = Path.GetExtension(imgFile.FileName).ToLower(); + + if (fileExt == ".asp" || fileExt == ".aspx") + { + jsonRespose.Success = false; + jsonRespose.Message = "不允许上传ASP或ASPX文件"; + return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; + } + String newFileName = DateTime.Now.ToString("yyyyMMddHHmmss_ffff", DateTimeFormatInfo.InvariantInfo) + idx.ToString() + fileExt; String filePath = dirPath + newFileName; imgFile.SaveAs(filePath); diff --git a/DSWeb/Areas/Import/Controllers/ImportTradeController.cs b/DSWeb/Areas/Import/Controllers/ImportTradeController.cs index 37e63915..54756b68 100644 --- a/DSWeb/Areas/Import/Controllers/ImportTradeController.cs 
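Review bot: The new check `if (fileExt == ".asp" || fileExt == ".aspx")` is a two-entry deny-list, so any other extension the server maps to a handler (for example `.ashx`, `.asmx` or a `.config` file) still passes and is written under `UploadFiles`. An allow-list is the safer shape. This action saves to `UploadFiles/ImpBsExcel`, which suggests spreadsheets, so `if (fileExt != ".xls" && fileExt != ".xlsx")` would fit if that assumption holds. The same deny-list is added in Chfee_payapplicationController, ImportTradeController, MsOpCtnBsCardController and MsOpReceiptController, and each needs its own allowed set. The enclosing action starts and ends outside the hunk.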
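Review bot: In Chfee_payapplicationController the extension check is one of five pasted copies of the same block across this commit, so the policy can drift between controllers the next time the list changes. A single shared helper such as `static bool IsUploadExtensionAllowed(string fileName, params string[] allowed)`, called here as `if (!IsUploadExtensionAllowed(imgFile.FileName, ".jpg", ".png"))`, would keep the rule in one place; the image extensions are only a guess from the `imgFile` name. In this action the stored name is built as timestamp + `idx` + `fileExt`, so the extension is the one client-controlled part of what lands on disk. The method body continues outside the hunk.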
+++ b/DSWeb/Areas/Import/Controllers/ImportTradeController.cs @@ -931,7 +931,13 @@ namespace DSWeb.Areas.Import.Controllers jsonRespose.Message = "上传文件发生未知错误,请重新上传"; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } - + String fileExt = Path.GetExtension(file.FileName).ToLower(); + if (fileExt == ".asp" || fileExt == ".aspx") + { + jsonRespose.Success = false; + jsonRespose.Message = "不允许上传ASP或ASPX文件"; + return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; + } var path = ""; var FTPPATH = ""; var COMPANYID = Convert.ToString(Session["COMPANYID"]); diff --git a/DSWeb/Areas/MvcContainer/Controllers/MsOpCtnBsCardController.cs b/DSWeb/Areas/MvcContainer/Controllers/MsOpCtnBsCardController.cs index 913fac89..61a01381 100644 --- a/DSWeb/Areas/MvcContainer/Controllers/MsOpCtnBsCardController.cs +++ b/DSWeb/Areas/MvcContainer/Controllers/MsOpCtnBsCardController.cs @@ -1014,6 +1014,14 @@ namespace DSWeb.MvcContainer.Controllers return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } + String fileExt = Path.GetExtension(file.FileName).ToLower(); + if (fileExt == ".asp" || fileExt == ".aspx") + { + jsonRespose.Success = false; + jsonRespose.Message = "不允许上传ASP或ASPX文件"; + return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; + } + var path = Server.MapPath("../../UploadFiles/MsOpFiles/" + BSNO); if (!Directory.Exists(path)) diff --git a/DSWeb/Areas/MvcShipping/Controllers/MsOpReceiptController.cs b/DSWeb/Areas/MvcShipping/Controllers/MsOpReceiptController.cs index 982b188e..c5204cdb 100644 --- a/DSWeb/Areas/MvcShipping/Controllers/MsOpReceiptController.cs +++ b/DSWeb/Areas/MvcShipping/Controllers/MsOpReceiptController.cs 
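Review bot: In ImportTradeController, `Path.GetExtension(file.FileName).ToLower()` lower-cases using the current thread culture, which a security comparison should not depend on. It does not change the result for `.asp`/`.aspx`, but it will for any extension containing an `i` under Turkish-style casing rules. Prefer `ToLowerInvariant()`, or drop the lower-casing and compare with `string.Equals(fileExt, ".aspx", StringComparison.OrdinalIgnoreCase)`. The same call is added in the Chfee_bankdataController, MsOpCtnBsCardController and MsOpReceiptController hunks.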
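Review bot: In MsOpCtnBsCardController the extension check is the only barrier in front of `Server.MapPath("../../UploadFiles/MsOpFiles/" + BSNO)`, a directory inside the application tree. If the rest of the action (outside the hunk) saves the file under a client-derived name, add a second layer: store uploads outside the web root or disable script handlers for `UploadFiles` in configuration, and serve the files through a download action. `BSNO` is concatenated into the path and its origin is not visible here, so confirm it cannot contain path separators or `..`. MsOpReceiptController builds its path the same way with `CUSTNO`.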
@@ -449,7 +449,13 @@ namespace DSWeb.MvcShipping.Controllers jsonRespose.Message = "上传文件发生未知错误,请重新上传"; return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; } - + String fileExt = Path.GetExtension(file.FileName).ToLower(); + if (fileExt == ".asp" || fileExt == ".aspx") + { + jsonRespose.Success = false; + jsonRespose.Message = "不允许上传ASP或ASPX文件"; + return new ContentResult() { Content = JsonConvert.Serialize(jsonRespose) }; + } var path = Server.MapPath("../../UploadFiles/MsOpFiles/" + CUSTNO); if (!Directory.Exists(path))
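Review bot: `Path.GetExtension(file.FileName)` is called on a client-supplied name with no guard, and on .NET Framework it throws `ArgumentException` when the name contains characters that are invalid in a path. Unless the action has a catch outside the hunk, such a request ends in an unhandled error instead of the `jsonRespose` failure used for every other rejection here. Catching `ArgumentException` around the call and returning the same `Success = false` response would keep rejections uniform. This applies to the other hunks that add the call as well.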