科技发展型企业网站源码无限制上传漏洞及修复

与其说是科技发展型企业网站源码无限制上传漏洞
 
不如说是金玉FLASH滚动展示上传系统的无限制上传漏洞
 
废话不多说，看代码
 
01 <!--#include file="upload_5xsoft.inc" --> 
 
02 <style type="text/css"> 
 
03 <!-- 
 
04 a{  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: none} 
 
05 a:hover {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>; text-decoration: underline} 
 
06 td {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>} 
 
07 br {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none; color: <%=fontcolor%>} 
 
08 .bk { font-size: 9pt; border: 1px <%=xcolor%> solid} 
 
09 body {  font-family: "宋体"; font-size: 9pt; font-style: normal; line-height: 13pt; font-weight: normal; font-variant: normal; text-transform: none} 
 
10 .an {  font-family: "宋体"; font-size: 9pt; background-color: <%=bgcolor%>; border: 1px <%=xcolor%> solid; color: <%=fontcolor%>} 
 
11 .xzy {  border: <%=xcolor%> solid; border-width: 0px 1px 1px} 
 
12 .zx {  border: <%=xcolor%> solid; border-width: 0px 0px 1px 1px} 
 
13 .sxz {  border: <%=xcolor%> solid; border-width: 1px 0px 1px 1px} 
 
14 .s {  border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px} 
 
15 .y {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 1px; border-bottom-width: 0px; border-left-width: 0px} 
 
16 .font {  font-family: "Arial Black"; font-size: 14pt; color: <%=fontcolor%>} 
 
17 .x {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px} 
 
18 .z {  border: <%=xcolor%>; border-style: solid; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 1px} 
 
19 .sx {  border: <%=xcolor%>; border-style: solid; border-top-width: 1px; border-right-width: 0px; border-bottom-width: 1px; border-left-width: 0px} 
 
20 --> 
 
21 </style> 
 
22 <body bgcolor="ffffff" leftmargin="0" topmargin="0"> 
 
23 <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0"> 
 
24   <tr> 
 
25     <td align="center"> 
 
26 <script language="Javascript"> 
 
27 function eimage(smileface) 
 
28 { 
 
29     window.opener.document.form.eimage.value=smileface; 
 
30 } 
 
31   www.2cto.com
 
32 </script> 
 
33       <% 
 
34 set upload=new upload_5xSoft 
 
35 set file=upload.file("file1") 
 
36 formPath="../flash_images/"
 
37 if file.filesize>100 then 
 
38 fileExt=lcase(right(file.filename,3)) 
 
39 if fileExt="asp" then 
 
40 Response.Write"文件类型非法"
 
41 end if 
 
42 end if 
 
43 randomize 
 
44 ranNum=int(90000*rnd)+10000 
 
45 filename=formPath&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt 
 
46 picname="flash_images/"&year(now)&month(now)&day(now)&hour(now)&minute(now)&second(now)&ranNum&"."&fileExt 
 
47 if file.FileSize>0 then  
 
48 file.SaveAs Server.mappath(FileName) 
 
49 end if 
 
50 response.write "<img src=../pic/chenggong.gif></img> <br><a href=Javascript:eimage('"&picname&"');window.close();>我决定用这张图片</a> "%> 
 
51     </td> 
 
52   </tr> 
 
53 </table> 
 
54 </body> 
大家可以看到什么都没有限
 
只是在上传asp的时候会提示文件非法
 
但是文件都给上传到了目录下
 
 
 
摘自 狗一样的男人's blog
 
修复方案：加强限制