asp图片上传漏洞

ASP　2008/5/23 11:29:45　　点击：不统计

关键词：asp图片上传漏洞，asp上传漏洞，asp上传漏洞防范，asp上传漏洞修复，asp图片上传修复，asp上传漏洞

.......（上传图片代码省略了）

file.SaveAs Server.mappath(lastpath)

lastpath="已经上传的图片路径"

sFile=server.mappath(lastpath)

set MyFile=server.CreateObject("Scripting.FileSystemObject")

set MyText=MyFile.OpenTextFile(sFile, 1) '读取文本文件

sTextAll=lcase(MyText.ReadAll)

MyText.close

sStr=".getfolder,.createfolder,.deletefolder,.createdirectory,.deletedirectory,.saveas,wscript.shell,script,.encode.,重命名,修改,属性,文件,浏览器,新建,复制,成功,参数错误,服务器,空间,下载,http,create,delete,fso,set,select,execute,response"

sNoString=split(sStr,",")

for i=0 to ubound(sNoString)

if instr(sTextAll,sNoString(i)) then

SET fs=server.CreateObject("Scripting.FileSystemObject")

if FS.FileExists(sFile) then

FS.DeleteFile(sFile)

end if

set fs=nothing

response.Write "<script>alert('上传操作失败,非法图片'),window.history.go(-1);</script>"

response.end

end if

next

关键词：asp图片上传漏洞，asp上传漏洞，asp上传漏洞防范，asp上传漏洞修复，asp图片上传修复，asp上传漏洞

·上一篇：防sql注入函数 >> 　　　·下一篇：判断网址是否存在 >>