与其说是科技发展型企业网站源码无限制上传漏洞
不如说是金玉FLASH滚动展示上传系统的无限制上传漏洞
废话不多说,看代码
01 <!--#include file="upload_5xsoft.inc" -->
02 <style type="text/css">
03 <!--
04 a{ font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: none}
05 a:hover { font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: underline}
06 td { font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>}
07 br { font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>}
08 .bk { font-size: 9pt; border: 1px <%=xcolor%> solid}
09 body { font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none}
10 .an { font-family: "宋体"; font-size: 9pt; background-color: <%=bgcolor%>; border: 1px <%=xcolor%> solid; color: <%=fontcolor%>}
11 .xzy { border: <%=xcolor%> solid; border-width: 0px 1px 1px}
12 .zx { border: <%=xcolor%> solid; border-width: 0px 0px 1px 1px}
13 .sxz { border: <%=xcolor%> solid; border-width: 1px 0px 1px 1px}
14 .s { border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px}
15 .y { border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 1px; border-bottom-width: 0px; border-left-width: 0px}
16 .font { font-family: "Arial Black"; font-size: 14pt; color: <%=fontcolor%>}
17 .x { border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px}
18 .z { border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px}
19 .sx { border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px}
20 -->
21 </style>
22 <body bgcolor="ffffff" leftmargin="0" topmargin="0">
23 <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
24 <tr>
25 <td align="center">
26 <script language="Javascript">
27 function eimage(smileface)
28 {
29 window.opener.document.form.eimage.value=smileface;
30 }
31
www.2cto.com
32 </script>
33 <%
34 set upload=new upload_5xSoft
35 set file=upload.file("file1")
36 formPath="../flash_images/"
37 if file.filesize>100 then
38 fileExt=lcase(right(file.filename,3))
39 if fileExt="asp" then
40 Response.Write"文件类型非法"
41 end if
42 end if
43 randomize
44 ranNum=int(90000*rnd)+10000
45 filename=formPath&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
46 picname="flash_images/"&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt
47 if file.FileSize>0 then
48 file.SaveAs Server.mappath(FileName)
49 end if
50 response.write "<img src=../pic/chenggong.gif></img> <br><a href=Javascript:eimage('"&picname&"');window.close();>我决定用这张图片</a> "%>
51 </td>
52 </tr>
53 </table>
54 </body>
大家可以看到什么都没有限
只是在上传asp的时候会提示文件非法
但是文件都给上传到了目录下
摘自 狗一样的男人's blog
修复方案:加强限制