asp图片上传漏洞
关键词:asp图片上传漏洞,asp上传漏洞,asp上传漏洞防范,asp上传漏洞修复,asp图片上传修复,asp上传漏洞
.......(上传图片代码省略了)
file.SaveAs Server.mappath(lastpath)
lastpath="已经上传的图片路径"
sFile=server.mappath(lastpath)
set MyFile=server.CreateObject("Scripting.FileSystemObject")
set MyText=MyFile.OpenTextFile(sFile, 1) '读取文本文件
sTextAll=lcase(MyText.ReadAll)
MyText.close
sStr=".getfolder,.createfolder,.deletefolder,.createdirectory,.deletedirectory,.saveas,wscript.shell,script,.encode.,重命名,修改,属性,文件,浏览器,新建,复制,成功,参数错误,服务器,空间,下载,http,create,delete,fso,set,select,execute,response"
sNoString=split(sStr,",")
for i=0 to ubound(sNoString)
if instr(sTextAll,sNoString(i)) then
SET fs=server.CreateObject("Scripting.FileSystemObject")
if FS.FileExists(sFile) then
FS.DeleteFile(sFile)
end if
set fs=nothing
response.Write "<script>alert('上传操作失败,非法图片'),window.history.go(-1);</script>"
response.end
end if
next
关键词:asp图片上传漏洞,asp上传漏洞,asp上传漏洞防范,asp上传漏洞修复,asp图片上传修复,asp上传漏洞