高校问答我们是兄弟结局解析:高手帮忙.如何修补这个文件的上传漏洞??
来源:百度文库 编辑:高校问答 时间:2024/05/08 00:26:56
--------upload.asp文件代码
<!--#include file="conn.asp" -->
<!--#include file="UpLoadClass.asp" -->
<style type="text/css">
td {font-size: 12px;}
</style>
<body bgcolor="f4f4f4">
<%
Server.ScriptTimeout=999
response.write"<body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 oncontextmenu=window.event.returnValue=false>"&_
"<table width=100% height=100% border=0 cellspacing=0 cellpadding=0><tr>"
if request.querystring("it")="upload" then
if userid="" then
response.write"请先登陆!"
response.end
end if
savepathfile="uploadimg/"&year(now)&"-"&month(now)&"/"
Set fso = CreateObject("Scripting.FileSystemObject")
if fso.FolderExists(Server.MapPath(savepathfile))=false then fso.CreateFolder(Server.MapPath(savepathfile))
fso.close
set fso=nothing
Set myrequest=new UpLoadClass
myrequest.MaxSize=500*1024
myrequest.FileType="gif/jpg/bmp/rar/zip/torrent/swf"
myrequest.Savepath=savepathfile
myrequest.open
filename=myrequest.Form("file")
response.write "<td>"
if filename="" then
filemsg="上传中发生错误!"
else
filemsg="上传文件成功!"
mhz=split(filename,".")(1)
filemsg=filemsg&"<script language=javascript>"
filemsg=filemsg&"function insertsmilie(){"
filemsg=filemsg&"self.parent.formu.Content.value+=""[upload="&mhz&"]"&myrequest.Savepath&filename&"[/upload]"";}insertsmilie()"
filemsg=filemsg&"</script>"
Set myrequest=nothing
end if
response.write" "&filemsg&" <a href='javascript:history.back(1)'>返回</a>"
response.write"</td>"
else
response.write"<form name=form1 enctype='multipart/form-data' method=post action='upload.asp?it=upload'><td>"&_
"<input type='file' name='file' title='上传类型:.gif/jpg' style='width:330px;' "
if userid="" then response.write"disabled "
response.write"> "&_
"<input type='submit' name='Submit' value='上传'"
if userid="" then response.write"disabled "
response.write">"&_
"</td></form>"
end if
response.write"</tr></table>"
%>
<!--#include file="conn.asp" -->
<!--#include file="UpLoadClass.asp" -->
<style type="text/css">
td {font-size: 12px;}
</style>
<body bgcolor="f4f4f4">
<%
Server.ScriptTimeout=999
response.write"<body leftmargin=0 topmargin=0 marginwidth=0 marginheight=0 oncontextmenu=window.event.returnValue=false>"&_
"<table width=100% height=100% border=0 cellspacing=0 cellpadding=0><tr>"
if request.querystring("it")="upload" then
if userid="" then
response.write"请先登陆!"
response.end
end if
savepathfile="uploadimg/"&year(now)&"-"&month(now)&"/"
Set fso = CreateObject("Scripting.FileSystemObject")
if fso.FolderExists(Server.MapPath(savepathfile))=false then fso.CreateFolder(Server.MapPath(savepathfile))
fso.close
set fso=nothing
Set myrequest=new UpLoadClass
myrequest.MaxSize=500*1024
myrequest.FileType="gif/jpg/bmp/rar/zip/torrent/swf"
myrequest.Savepath=savepathfile
myrequest.open
filename=myrequest.Form("file")
response.write "<td>"
if filename="" then
filemsg="上传中发生错误!"
else
filemsg="上传文件成功!"
mhz=split(filename,".")(1)
filemsg=filemsg&"<script language=javascript>"
filemsg=filemsg&"function insertsmilie(){"
filemsg=filemsg&"self.parent.formu.Content.value+=""[upload="&mhz&"]"&myrequest.Savepath&filename&"[/upload]"";}insertsmilie()"
filemsg=filemsg&"</script>"
Set myrequest=nothing
end if
response.write" "&filemsg&" <a href='javascript:history.back(1)'>返回</a>"
response.write"</td>"
else
response.write"<form name=form1 enctype='multipart/form-data' method=post action='upload.asp?it=upload'><td>"&_
"<input type='file' name='file' title='上传类型:.gif/jpg' style='width:330px;' "
if userid="" then response.write"disabled "
response.write"> "&_
"<input type='submit' name='Submit' value='上传'"
if userid="" then response.write"disabled "
response.write">"&_
"</td></form>"
end if
response.write"</tr></table>"
%>