Use the IIS semicolon parsing upload vulnerability analysis-vulnerability warning-the black bar safety net

ID MYHACK58:62201129564
Type myhack58
Reporter 佚名
Modified 2011-02-25T00:00:00


First look at the following a very common file upload extension filter code:

fileExt=lcase(ofile. FileExt) arrUpFileType=split(UpFileType,"|") for i=0 to ubound(arrUpFileType) if fileEXT=trim(arrUpFileType(i)) then EnableUpload=true exit for end if next if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" or fileEXT="cer" or fileEXT="cdx" then EnableUpload=false end if if EnableUpload=false then msg="this file type not allowed to upload!\ n\n only allow the upload of several file types:" & amp; UpFileType FoundErr=true end if obviously, you want to upload the asp/asa/aspx/cer/cdx are to stand a chance. Of course php is possible, as long as added to the system configuration inside

But the trouble is rarely encountered asp/php at the same time support the look of your character.

Of course, the more effective approach is to increase the suffix“asp;"and“asa;”and“cer;”, etc., add their own.

The above code will skip. And after uploading the file suffix is also with a semicolon, but that's okay, windows 2 0 0 3 the server is a semicolon in front of the suffix shall prevail, so can explain, don't worry.