swfu007fu007f 插入html,FCKEditor ASP Version 2.6.8任意文件上传漏洞分析

Sub FileUpload( resourceType, currentFolder, sCommand )

Dim oUploader

Set oUploader = New NetRube_Upload

oUploader.MaxSize        = 0

oUploader.Allowed        = ConfigAllowedExtensions.Item( resourceType )

oUploader.Denied        = ConfigDeniedExtensions.Item( resourceType )

oUploader.HtmlExtensions = ConfigHtmlExtensions

oUploader.GetData

Dim sErrorNumber

sErrorNumber = "0"

Dim sFileName, sOriginalFileName, sExtension

sFileName = ""

If oUploader.ErrNum > 0 Then

sErrorNumber = "202"

Else

' Map the virtual path to the local server path.

Dim sServerDir

sServerDir = ServerMapFolder( resourceType, currentFolder, sCommand )

Dim oFSO

Set oFSO = Server.CreateObject( "Scripting.FileSystemObject" )

if not (oFSO.FolderExists( sServerDir ) ) then

sErrorNumber = "102"

else

' Get the uploaded file name.

sFileName        = oUploader.File( "NewFile" ).Name

sExtension        = oUploader.File( "NewFile" ).Ext

sFileName = SanitizeFileName( sFileName )

sOriginalFileName = sFileName

Dim iCounter

iCounter = 0

Do While ( True )

Dim sFilePath

sFilePath = CombineLocalPaths(sServerDir, sFileName)

If ( oFSO.FileExists( sFilePath ) ) Then

iCounter = iCounter + 1

sFileName = RemoveExtension( sOriginalFileName ) & "(" & iCounter & ")." & sExtension

sErrorNumber = "201"

Else

oUploader.SaveAs "NewFile", sFilePath

If oUploader.ErrNum > 0 Then sErrorNumber = "202"

Exit Do

End If

Loop

end if

End If

Set oUploader        = Nothing

dim sFileUrl

sFileUrl = CombinePaths( GetResourceTypePath( resourceType, sCommand ) , currentFolder )

sFileUrl = CombinePaths( sFileUrl, sFileName )

If ( sErrorNumber = "0" or sErrorNumber = "201" ) then

SendUploadResults sErrorNumber, sFileUrl, sFileName, ""

Else

SendUploadResults sErrorNumber, "", "", ""

End If

End Sub

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值