沸腾展望新闻系统 (Feiteng Zhanwang News System) Arbitrary File Download Vulnerability

Published: 2025-04-13
Revised: 2025-04-13

Vulnerable file: down.asp

```
Const adTypeBinary = 1

' FileName is taken directly from the query string
FileName = Request.QueryString("FileName")
If FileName = "" Then
    Response.Write "无效文件名!"
    Response.End
End If

' Extension blocklist: only the text after the last "." is checked
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
        Response.Write "非法操作!"
        Response.End
End Select

Response.Clear
If LCase(Right(FileName, 3)) = "gif" Or LCase(Right(FileName, 3)) = "jpg" Or LCase(Right(FileName, 3)) = "png" Then
    Response.ContentType = "image/*" ' no download dialog for image files
Else
    Response.ContentType = "application/ms-download"
End If
Response.AddHeader "content-disposition", "attachment; filename=" & GetFileName(Request.QueryString("FileName"))

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open
SavePath = FileUploadPath ' directory where uploaded files are stored
' FileName is appended to the upload directory without any path validation
TrueFileName = SavePath & FileName
Stream.LoadFromFile Server.MapPath(TrueFileName)
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
```

沸腾展望新闻系统[核心:尘缘雅境] V1.1 Access版 Finish(SP3)

None available yet.
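A hardened variant of the download handler, shown for comparison with the listing above; it is an added example, not part of the original advisory and not the vendor's code. It assumes `FileUploadPath` is defined elsewhere as in the original script, and the extension allowlist is a placeholder to adjust to what the site actually serves.

```vbscript
' Added example: hardened download handler (not the vendor's code).
' Assumes FileUploadPath is defined elsewhere, as in the original down.asp.
Const adTypeBinary = 1
Dim FileName, FileExt, BaseDir, FullPath, Fso, Stream

FileName = Request.QueryString("FileName")

' Accept a bare file name only: no separators, parent references, colons or NULs
If FileName = "" Or InStr(FileName, "/") > 0 Or InStr(FileName, "\") > 0 _
   Or InStr(FileName, "..") > 0 Or InStr(FileName, ":") > 0 _
   Or InStr(FileName, Chr(0)) > 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Allowlist of served extensions (assumed list) instead of a blocklist
FileExt = LCase(Mid(FileName, InStrRev(FileName, ".") + 1))
Select Case FileExt
    Case "gif", "jpg", "png", "zip", "rar", "doc", "txt"
        ' allowed, continue
    Case Else
        Response.Status = "403 Forbidden"
        Response.End
End Select

' Resolve both paths and require the target to stay inside the upload directory
Set Fso = Server.CreateObject("Scripting.FileSystemObject")
BaseDir = Fso.GetAbsolutePathName(Server.MapPath(FileUploadPath))
If Right(BaseDir, 1) <> "\" Then BaseDir = BaseDir & "\"
FullPath = Fso.GetAbsolutePathName(BaseDir & FileName)
If StrComp(Left(FullPath, Len(BaseDir)), BaseDir, vbTextCompare) <> 0 _
   Or Not Fso.FileExists(FullPath) Then
    Response.Status = "404 Not Found"
    Response.End
End If

Response.Clear
Response.ContentType = "application/octet-stream"
Response.AddHeader "X-Content-Type-Options", "nosniff"
' FileName is an existing Windows file name here, so it cannot contain quotes or CR/LF
Response.AddHeader "Content-Disposition", "attachment; filename=""" & FileName & """"

Set Stream = Server.CreateObject("ADODB.Stream")
Stream.Type = adTypeBinary
Stream.Open
Stream.LoadFromFile FullPath
While Not Stream.EOS
    Response.BinaryWrite Stream.Read(1024 * 64)
Wend
Stream.Close
```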

No Exp or PoC is currently available.
There are currently 0 affected-product records.