Bernard guestbook 4.1 official version upload vulnerability

2013-03-27T00:00:00
ID MYHACK58:62201337984
Type myhack58
Reporter Anonymous
Modified 2013-03-27T00:00:00

Description

In the official release of Bernard guestbook 4.1, the attachment upload on the post-a-comment form allows an executable ASP file to be uploaded directly.

'If Action="addsave" Then KeywordsFilter(FilterKeyWord)
Dim RequestU,intCount,i,formName,FileSavePath,FileSaveName,uploadsDirVar
RelatePath=""
FileSavePath="./ufiles/"&Year(Date())&"/"&Right("0"&Month(Date()),2)&"/" '"ufiles/2009/"
' UpLoadClass handler with its extension allowlist (FileType), commented out:
'Set RequestU=new UpLoadClass
'RequestU.FileType="gif/jpg/rar/zip/7z/swf/bmp/png/jpeg"
'RequestU.SavePath=FileSavePath
'RequestU.MaxSize=20000*1024 '20M
'RequestU.Charset="UTF-8"
'RequestU.Open()
' Active path: FreeASPUpload, with no file-type restriction set in this excerpt.
Set RequestU=New FreeASPUpload
'If HasPermission(9) Then
'uploadsDirVar=Server.MapPath(FileSavePath)
'RequestU.Save(uploadsDirVar)
RequestU.Upload()
'End If


Fix:

You know..
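
An added example, not from the original advisory or the guestbook's own code: a server-side extension check that reuses the allowlist from the commented-out FileType line and stores each file under a server-generated name. AllowedExtension and StoredName are hypothetical helper names, the sample file names are constructed, and the wiring into FreeASPUpload is left out.

```vbscript
Option Explicit

' Allowlist copied from the commented-out FileType line in the excerpt.
Const ALLOWED_TYPES = "gif/jpg/rar/zip/7z/swf/bmp/png/jpeg"

' Hypothetical helper: returns the lower-cased extension of the
' client-supplied name if it is on the allowlist, otherwise "".
Function AllowedExtension(ByVal clientName)
    Dim dotPos, ext, allowed
    AllowedExtension = ""
    dotPos = InStrRev(clientName, ".")
    ' No dot at all, or nothing after the last dot: reject.
    If dotPos = 0 Or dotPos = Len(clientName) Then Exit Function
    ' Exact match only, so trailing spaces or extra characters fail.
    ext = LCase(Mid(clientName, dotPos + 1))
    For Each allowed In Split(ALLOWED_TYPES, "/")
        If ext = allowed Then
            AllowedExtension = ext
            Exit Function
        End If
    Next
End Function

' Hypothetical helper: the stored name is chosen by the server, so no
' part of the client-supplied name other than the checked extension
' reaches the file system.
Function StoredName(ByVal ext)
    Dim tl
    Set tl = CreateObject("Scriptlet.TypeLib")
    StoredName = Replace(Mid(tl.Guid, 2, 36), "-", "") & "." & ext
End Function

' Constructed sample names, not taken from the advisory.
Dim sample, ext
For Each sample In Array("photo.JPG", "notes.asp", "backup.7z", _
                         "report.jpg.asp", "noextension", "pic.png ")
    ext = AllowedExtension(sample)
    If ext = "" Then
        WScript.Echo "REJECT  [" & sample & "]"
    Else
        WScript.Echo "ACCEPT  [" & sample & "] -> " & StoredName(ext)
    End If
Next
```

Run it with `cscript //nologo` on Windows. Marking the ufiles directory as non-executable in IIS is a second layer worth adding alongside the check.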