中科新闻网绍兴旅游景点门票:十万分火急---程序漏洞一(上传图片文件“保存”部分)
来源:百度文库 编辑:中科新闻网 时间:2024/04/30 21:37:55
程序:asp+access
不知是哪里的问题,上传图片文件“保存”部分经常被他人修改,有时会被删除或修改 该文件,以下是上传“保存”部分的文件内容,请大家找点漏洞,以弥补。图片文件提交部分在另外一个贴,待会显示了,补充在下面(顺便写出解决方法,谢谢!)
< !--#include file="upload_wj.inc"-- >
< %
set upload=new upload_file
if upload.form("act")="uploadfile" then
filepath=trim(upload.form("filepath"))
filelx=trim(upload.form("filelx"))
i=0
for each formName in upload.File
set file=upload.File(formName)
fileExt=lcase(file.FileExt) '得到的文件扩展名不含有.
if file.filesize<100 then
response.write "<script language=javascript>alert('请先选择你要上传的文件!');history.go(-1);</script>"
response.end
end if
if (filelx<>"swf") and (filelx<>"jpg") then
response.write "<script language=javascript>alert('该文件类型不能上传!');history.go(-1);</script>"
response.end
end if
if filelx="swf" then
if fileext<>"swf" then
response.write "<script language=javascript>alert('只能上传swf格式的Flash文件!');history.go(-1);</script>"
response.end
end if
end if
if filelx="jpg" then
if fileext<>"gif" and fileext<>"jpg" then
response.write "<script language=javascript>alert('只能上传jpg或gif格式的图片!');history.go(-1);</script>"
response.end
end if
end if
if filelx="swf" then
if file.filesize>(300*1024) then
response.write "<script language=javascript>alert('Flash文件大小不能超过300K!');history.go(-1);</script>"
response.end
end if
end if
if filelx="jpg" then
if file.filesize>(150*1024) then
response.write "<script language=javascript>alert('图片文件大小不能超过150k!');history.go(-1);</script>"
response.end
end if
end if
randomize
ranNum=int(90000*rnd)+10000
filename=filepath&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
%>
<%
if file.FileSize>0 then ''如果 FileSize > 0 说明有文件数据
'file.SaveAs Server.mappath(filename) ''保存文件
file.SaveToFile Server.mappath(FileName)
'response.write file.FileName&" 上传成功! <br>"
'response.write "新文件名:"&FileName&"<br>"
'response.write "新文件名已复制到所需的位置,可关闭窗口!"
if filelx="swf" then
response.write "<script>window.opener.document."&upload.form("FormName")&".size.value='"&int(file.FileSize/1024)&" K'</script>"
end if
response.write "<script>window.opener.document."&upload.form("FormName")&"."&upload.form("EditName")&".value='"&FileName&"'</script>"
%>
<%
end if
set file=nothing
next
set upload=nothing
end if
% >
<script language="javascript">
window.alert("文件上传成功!请不要修改生成的链接地址!");
window.close();
</script>
http://zhidao.baidu.com/question/6111779.html
不知是哪里的问题,上传图片文件“保存”部分经常被他人修改,有时会被删除或修改 该文件,以下是上传“保存”部分的文件内容,请大家找点漏洞,以弥补。图片文件提交部分在另外一个贴,待会显示了,补充在下面(顺便写出解决方法,谢谢!)
< !--#include file="upload_wj.inc"-- >
< %
set upload=new upload_file
if upload.form("act")="uploadfile" then
filepath=trim(upload.form("filepath"))
filelx=trim(upload.form("filelx"))
i=0
for each formName in upload.File
set file=upload.File(formName)
fileExt=lcase(file.FileExt) '得到的文件扩展名不含有.
if file.filesize<100 then
response.write "<script language=javascript>alert('请先选择你要上传的文件!');history.go(-1);</script>"
response.end
end if
if (filelx<>"swf") and (filelx<>"jpg") then
response.write "<script language=javascript>alert('该文件类型不能上传!');history.go(-1);</script>"
response.end
end if
if filelx="swf" then
if fileext<>"swf" then
response.write "<script language=javascript>alert('只能上传swf格式的Flash文件!');history.go(-1);</script>"
response.end
end if
end if
if filelx="jpg" then
if fileext<>"gif" and fileext<>"jpg" then
response.write "<script language=javascript>alert('只能上传jpg或gif格式的图片!');history.go(-1);</script>"
response.end
end if
end if
if filelx="swf" then
if file.filesize>(300*1024) then
response.write "<script language=javascript>alert('Flash文件大小不能超过300K!');history.go(-1);</script>"
response.end
end if
end if
if filelx="jpg" then
if file.filesize>(150*1024) then
response.write "<script language=javascript>alert('图片文件大小不能超过150k!');history.go(-1);</script>"
response.end
end if
end if
randomize
ranNum=int(90000*rnd)+10000
filename=filepath&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
%>
<%
if file.FileSize>0 then ''如果 FileSize > 0 说明有文件数据
'file.SaveAs Server.mappath(filename) ''保存文件
file.SaveToFile Server.mappath(FileName)
'response.write file.FileName&" 上传成功! <br>"
'response.write "新文件名:"&FileName&"<br>"
'response.write "新文件名已复制到所需的位置,可关闭窗口!"
if filelx="swf" then
response.write "<script>window.opener.document."&upload.form("FormName")&".size.value='"&int(file.FileSize/1024)&" K'</script>"
end if
response.write "<script>window.opener.document."&upload.form("FormName")&"."&upload.form("EditName")&".value='"&FileName&"'</script>"
%>
<%
end if
set file=nothing
next
set upload=nothing
end if
% >
<script language="javascript">
window.alert("文件上传成功!请不要修改生成的链接地址!");
window.close();
</script>
http://zhidao.baidu.com/question/6111779.html
或许我可以帮你
加我QQ105187501
讨论