PS: Today I helped a website repair this vulnerability, so I am posting it! ^_^

DVBBS forum file upload code
- - - - -

Heh heh, I had just heard Little Pig say that there was a vulnerability allowing arbitrary files to be uploaded, and I didn't understand it. But I saw that everyone on the NB Forum has recently been discussing problems in this area. Looking into it, I found that this vulnerability does exist and that it is very serious; it is said to affect DVBBS 7.0 SP2 and below. Although some people already know the attack method, there are still some problems. Below I explain this DVBBS vulnerability. (I don't know whether that is a good idea, because this vulnerability is so big.)

Let's first look at the relevant code the DVBBS forum uses to upload files:

    '=========== Component-free upload (upload_0) ====================
    Sub upload_0()
        Set upload = New UpFile_Class                      '' Create the upload object
        upload.GetDate (Int(Forum_Setting(56)) * 1024)     ' Get upload data, unlimited size
        iCount = 0
        If upload.err > 0 Then
            Select Case upload.err
            Case 1
                Response.Write "Please select the file you want to upload [ Re-upload ]"
            Case 2
                Response.Write "picture size exceeds the limit " & Forum_Setting(56) & "k []"
            End Select
            Exit Sub
        Else
            formPath = upload.form("filepath")
            '' Append a trailing "/" to the directory
            If Right(formPath, 1) <> "/" Then formPath = formPath & "/"
            For Each formName In upload.file               ' List all uploaded files
                Set file = upload.file(formName)           '' Create a file object
                If file.FileSize < 100 Then
                    Response.Write "please select the picture you want to upload [ Re-upload ]"
                    Response.End
                End If
                fileExt = LCase(file.FileExt)
                If CheckFileExt(fileExt) = False Then
                    Response.Write "file format is incorrect []"
                    Response.End
                End If
                Randomize
                ranNum = Int(90000 * Rnd) + 10000
                filename = formPath & Year(Now) & Month(Now) & Hour(Now) & Minute(Now) & Second(Now) & ranNum & "." & fileExt
                If file.FileSize > 0 Then                  '' FileSize > 0 means there is file data
                    file.SaveToFile Server.MapPath(filename)   '' Save the file
                    ' Response.Write file.FilePath & file.FileName & "(" & file.FileSize & ") =>" & formPath & file.FileName & "success!"
                    Response.Write "