StarNet Interactive upload vulnerability analysis - Vulnerability warning - Heiba Security Net (黑吧安全网, myhack58)

2011-12-23T00:00:00
ID MYHACK58:62201132686
Type myhack58
Reporter: Anonymous (佚名)
Modified 2011-12-23T00:00:00

Description

Author: like a dog man

upfile_flash.asp

<%
set upload = new upload_file
if upload.form("act") = "uploadfile" then
    filepath = trim(upload.form("filepath"))
    filelx = trim(upload.form("filelx"))
    i = 0
    for each formName in upload.File
        set file = upload.File(formName)
        fileExt = lcase(file.FileExt) ' get the file extension (does not contain the dot)
        if file.filesize < 100 then
            response.write "please select your file to upload! [Re-upload]"
            response.end
        end if
        if (filelx <> "swf") and (filelx <> "jpg") then
            response.write "this file type cannot be uploaded! [Re-upload]"
            response.end
        end if
        if filelx = "swf" then
            if fileext <> "swf" then
                response.write "you can only upload swf format Flash files! [Re-upload]"
                response.end
            end if
        end if
        if filelx = "jpg" then
            if fileext <> "gif" and fileext <> "jpg" and fileext <> "swf" then
                response.write "you can only upload jpg/gif/swf format pictures! [Re-upload]"
                response.end
            end if
        end if
        if filelx = "swf" then
            if file.filesize > (3000*1024) then
                response.write "maximum upload 3M Flash file! [Re-upload]"
                response.end
            end if
        end if
        if filelx = "jpg" then
            if file.filesize > (1000*1024) then
                response.write "you can only upload picture files of at most 1000K! [Re-upload]"
                response.end
            end if
        end if
        randomize
        ranNum = int(90000*rnd) + 10000
        filename = filepath & year(now) & month(now) & day(now) & hour(now) & minute(now) & second(now) & ranNum & "." & fileExt
%>

<%
        if file.FileSize > 0 then ' FileSize > 0 means there is file data
            'file.SaveAs Server.mappath(filename) ' save the file
            file.SaveToFile Server.mappath(FileName)
            'response.write file.FileName & " upload success!"
            'response.write "new file name: " & FileName
            'response.write "the new file name has been copied to the desired location, you can close the window!"
            if filelx = "swf" then
                response.write ""
            end if
            response.write ""
%>

<%
        end if
        set file = nothing
    next
    set upload = nothing
end if
%>

Upload directly with the Mingxiaozi (明小子) upload tool.

Fix:

The analysis above is detailed enough; fix it yourself.
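The checks in upfile_flash.asp, ported to Python as an added example so they can be exercised offline (this is not the page's code and not StarNet's). `original_decision` and `original_target` reproduce the script's branches as written: `filelx`, the field that decides which whitelist applies, is read from the form, the `jpg` branch also accepts an `swf` extension, and the form's `filepath` field becomes the prefix of the stored path. `hardened_decision` and `hardened_target` show the defensive alternative: the upload purpose and directory are fixed by the server page, the extension is taken from after the last dot of the client's file name, checked against a per-purpose whitelist and restricted to plain alphanumerics, and the final path is verified to stay under the upload root. `UPLOAD_ROOT`, the purpose names and the sample file names are assumptions made for the example.

```python
import posixpath
import re
from typing import Optional, Tuple

# Size limits as the ASP script states them: 3000*1024 for swf, 1000*1024 for jpg.
MAX_SWF = 3000 * 1024
MAX_JPG = 1000 * 1024


def original_decision(filelx: str, fileext: str, size: int) -> Tuple[bool, str]:
    """Port of the accept/reject branches in upfile_flash.asp.

    filelx is the form field the script trusts to say what kind of upload this is,
    fileext mirrors file.FileExt (extension without the dot), size mirrors file.FileSize.
    """
    fileext = fileext.lower()
    if size < 100:
        return False, "please select your file to upload"
    if filelx not in ("swf", "jpg"):
        return False, "this file type cannot be uploaded"
    if filelx == "swf" and fileext != "swf":
        return False, "you can only upload swf"
    if filelx == "jpg" and fileext not in ("gif", "jpg", "swf"):
        return False, "you can only upload jpg/gif/swf"
    if filelx == "swf" and size > MAX_SWF:
        return False, "maximum 3M"
    if filelx == "jpg" and size > MAX_JPG:
        return False, "maximum 1000K"
    return True, "ok"


def original_target(filepath: str, fileext: str, stamp: str, rannum: int) -> str:
    """Mirror of the script's filename concatenation: the directory prefix is the form's filepath field."""
    return f"{filepath}{stamp}{rannum}.{fileext}"


# --- hardened form (assumed fixed upload root; purpose chosen by the server page) ---

UPLOAD_ROOT = "/var/www/uploads"                     # assumption: never taken from the request
ALLOWED = {"swf": {"swf"}, "jpg": {"jpg", "gif"}}    # per purpose; no swf among pictures
_EXT_RE = re.compile(r"[a-z0-9]{1,5}")


def hardened_decision(purpose: str, original_name: str, size: int) -> Tuple[Optional[str], str]:
    """Return (extension to store under, reason). purpose comes from the calling page, not the form."""
    if purpose not in ALLOWED:
        return None, "unknown upload purpose"
    if size < 100:
        return None, "empty file"
    if size > (MAX_SWF if purpose == "swf" else MAX_JPG):
        return None, "file too large"
    # Extension is whatever follows the last dot of the client's base name, and must be
    # plain alphanumerics so it cannot carry separators or control characters.
    base = original_name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return None, "no extension"
    ext = base.rsplit(".", 1)[1].lower()
    if not _EXT_RE.fullmatch(ext) or ext not in ALLOWED[purpose]:
        return None, f"extension {ext!r} not allowed for {purpose}"
    return ext, "ok"


def hardened_target(purpose: str, ext: str, stamp: str, rannum: int) -> str:
    """Build the stored path under the fixed root and verify it stays inside the purpose directory."""
    directory = posixpath.join(UPLOAD_ROOT, purpose)
    full = posixpath.normpath(posixpath.join(directory, f"{stamp}{rannum}.{ext}"))
    if not full.startswith(directory + "/"):
        raise ValueError("target escapes the upload directory")
    return full


if __name__ == "__main__":
    # Constructed requests: a "picture" upload carrying an swf extension, and a double extension.
    print(original_decision("jpg", "swf", 5000))            # accepted by the original checks
    print(hardened_decision("jpg", "photo.jpg.swf", 5000))  # rejected: the last extension decides
    print(original_target("anywhere/", "jpg", "20111223", 12345))
    print(hardened_target("jpg", "jpg", "20111223", 12345))
```

The two ported functions keep every branch of the script in the same order, so the difference between them and the hardened pair is only in where the decisive inputs come from: the script lets the request choose both the whitelist (`filelx`) and the directory (`filepath`), while the hardened version lets the request contribute nothing but the bytes and the original name.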