
Unrestricted File Upload Vulnerability in a "Technology Development Enterprise Website" Source Package, and Its Fix

Source: 自学PHP网    Date: 2015-04-17 13:03


Rather than an unrestricted upload vulnerability in the "technology development enterprise website" source package, this is really an unrestricted upload vulnerability in the 金玉 FLASH scrolling-display upload system.

Without further ado, here is the code:
 
<!--#include file="upload_5xsoft.inc" -->
<style type="text/css">
<!--
a{  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: none}
a:hover {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: underline}
td {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>}
br {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>}
.bk { font-size: 9pt; border: 1px <%=xcolor%> solid}
body {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none}
.an {  font-family: "宋体"; font-size: 9pt; background-color: <%=bgcolor%>; border: 1px <%=xcolor%> solid; color: <%=fontcolor%>}
.xzy {  border: <%=xcolor%> solid; border-width: 0px 1px 1px}
.zx {  border: <%=xcolor%> solid; border-width: 0px 0px 1px 1px}
.sxz {  border: <%=xcolor%> solid; border-width: 1px 0px 1px 1px}
.s {  border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px}
.y {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 1px; border-bottom-width: 0px; border-left-width: 0px}
.font {  font-family: "Arial Black"; font-size: 14pt; color: <%=fontcolor%>}
.x {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px}
.z {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px}
.sx {  border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px}
-->
</style>
<body bgcolor="ffffff" leftmargin="0" topmargin="0">
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td align="center">
<script language="Javascript">
// Writes the chosen picture path back into the opener window's form
function eimage(smileface)
{
    window.opener.document.form.eimage.value=smileface;
}
</script>
      <%
set upload=new upload_5xSoft
set file=upload.file("file1")
formPath="../flash_images/"
' Extension "check": looks only at the last three characters, compares them
' only with "asp", and merely prints a message; execution continues regardless
if file.filesize>100 then
fileExt=lcase(right(file.filename,3))
if fileExt="asp" then
Response.Write"文件类型非法"
end if
end if
randomize
ranNum=int(90000*rnd)+10000
filename=formPath&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
picname="flash_images/"&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
' The file is written to disk no matter what the check above found
if file.FileSize>0 then
file.SaveAs Server.mappath(FileName)
end if
response.write "<img src=../pic/chenggong.gif></img> <br><a href=Javascript:eimage('"&picname&"');window.close();>我决定用这张图片</a> "%>
    </td>
  </tr>
</table>
</body>
As you can see, there is no real restriction at all: uploading an .asp file only produces the "文件类型非法" (illegal file type) message, but the file is still written to the upload directory.

Excerpted from 狗一样的男人's blog
 
Fix: tighten the upload restrictions.
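As an added illustration (not code from the page or from the upload system), the following Python models the page's check beside a hardened one: the original compares only the last three characters of the name with "asp" and saves the file regardless, while the hardened version allowlists the full extension, enforces a size limit, and refuses to produce a save path for anything else. The allowed extension set, the size cap and the sample filenames are assumptions.

```python
import os
import secrets
from datetime import datetime

# Constructed sample uploads (name, size in bytes); not from the page.
SAMPLE_UPLOADS = [("banner.jpg", 2048), ("page.aspx", 300),
                  ("script.asp", 300), ("tiny.jpg", 50)]

# Assumed allowlist for a flash/image banner uploader; the original has none.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "gif", "png", "swf"}
MAX_SIZE = 2 * 1024 * 1024  # assumed 2 MiB cap


def original_check(filename, filesize):
    """Model of the page's ASP logic. Returns (warned, saved)."""
    file_ext = ""
    if filesize > 100:
        file_ext = filename[-3:].lower()   # right(file.filename, 3)
    warned = file_ext == "asp"           # only prints a message
    saved = filesize > 0                 # SaveAs runs no matter what
    return warned, saved


def hardened_check(filename, filesize):
    """Return a server-chosen save name, or None to reject before any write."""
    if filesize <= 0 or filesize > MAX_SIZE:
        return None
    # Full extension after the last dot, so "x.aspx" and "x.jpg.asp" are
    # judged on "aspx" / "asp", not on the last three characters.
    ext = os.path.splitext(os.path.basename(filename))[1].lstrip(".").lower()
    if ext not in ALLOWED_EXTENSIONS:
        return None
    # Timestamp plus CSPRNG token; the client-supplied name is never reused.
    stamp = datetime.now().strftime("%Y%m%d%H%M%S")
    return f"{stamp}{secrets.token_hex(4)}.{ext}"


def run_samples():
    """Map each sample to (original (warned, saved), hardened save name)."""
    return {name: (original_check(name, size), hardened_check(name, size))
            for name, size in SAMPLE_UPLOADS}


if __name__ == "__main__":
    for name, (orig, hard) in run_samples().items():
        print(f"{name:12} original warned={orig[0]} saved={orig[1]} "
              f"hardened={'rejected' if hard is None else hard}")
```

Note that the original logic also leaves fileExt empty for files of 100 bytes or less, so they are saved with no extension at all; the hardened version rejects anything whose extension is not on the list.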