2. Tech
  3. The principle of uploading the file vulnerability in the mobile network forum and the code implementation of the attack

The principle of uploading the file vulnerability in the mobile network forum and the code implementation of the attack

xiaoxiao2021-03-06  14

Recently, I have been busy, there is no time to contribute to the organization (really no strength, huh, huh). Just a few more time to listen to the pig (the current popular BBS safety comparison ", please refer to: http: // wvw.ttian.net/forum/viewtopic.php?id=269) The Internet Forum has a vulnerability to go uploaded any file. I didn't understand it. But I saw it all recently discussed this in this regard. Question, I have studied it, I found that this vulnerability does exist, and very serious, use small pigs to pass the DVBBS7.0 SP2 below. Although some people have known the attack method, there are still some problems. I will move below. This vulnerability of the network made a explanation. (I don't know if it will be embarrassed, because this vulnerability is too big).

Let's take a look at the relevant code of the mobile network forum upload file:

'=========== No component upload (UPLOAD_0) ====================

SUB UPLOAD_0 ()

SET UPLOAD = New Upfile_class' Establishing Upload Objects

UPLOAD.GETDATE (INT (forum_setting (56)) * 1024) 'Get upload data, not limited

ICOUNT = 0

IF upload.err> 0 THEN

SELECT CASE UPLOAD.ERR

Case 1

Response.write "Please select the file you want to upload []"

Case 2

Response.write "picture size exceeds the limit" & forum_setting (56) & "k []"

End SELECT

EXIT SUB

Else

FormPath = UPLOAD.FORM ("FilePath")

'' After the directory (/)

IF Right (FormPath, 1) <> "/" THEN FORMPATH = FormPath & "/"

For each formname in Upload.file '' lists all uploaded files

Set file = UPLOAD.FILE (FORMNAME) '"Generates a file object

IF file.filesize <100 THEN

Response.write "Please select the picture you want to upload [ Re-upload ]"

Response.end

END IF

FILEEXT = LCASE (file.fileext)

If CheckfileExt (FileExt) = false

Response.write "file format is incorrect []"

Response.end

END IF

Randomize

Rannum = int (90000 * rND) 10000

FileName = FormPath & Year (now) & DAY (NOW) & HOUR (NOW) & Minute (NOW) & Second (NOW) & Rannum & "& FileExtif File.FileSize> 0 Then '' If FileSize> 0 Description Document Data

File.Savetofile Server.mappath (filename) '' Save File

'response.write file.filepath & file.filename & "(" & file.filesize & ") =>" & flmpath & file.filename & "success!

Response.write "