Thank you for your LCX! A few days ago, I would like to ask about the problem of Web uploading to the Web. I have to use STM to upload. I can implement the program. I will give me a piece of code:
see
A code given by LCX big brother!
Said to be saved as STM or SHTML, running as follows:
HTTP_ACCEPT: Image / GIF, Image / X-Xbitmap, Image / JPEG, Image / Pjpeg, Application / X-Shockwave-Flash, Application / VND.MS-PowerPoint, Application / VND.MS-Excel, Application / Msword, * / * HTTP_ACCEPT_LANGUAGE: zh-cn HTTP_CONNECTION: Keep-Alive HTTP_HOST: localhost HTTP_USER_AGENT: Mozilla / 4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 1.1.4322) HTTP_COOKIE: nbblastactivity = 1100263629; bblastvisit = 1100264583; bblastactivity = 1100265530; bbuserid = 1; bbpassword = 0f8514d1ed2eaa91fb9a87a568f6c96f; ASPSESSIONIDAQTSDRQQ = JOGDCEBDCNKFMLGDNFHPDHMJ HTTP_ACCEPT_ENCODING: gzip, deflate the current file name: F: name and version /Web/1.stmWeb server: Microsoft-IIS / 5.0 host name: localhost port: 80 customers or Customer Agent IP Address: 127.0.0.1 Customer or Customer Agent Host Name: 127.0.0.1path_info value, but with a virtual path with an extension to a directory specification: f: /web/1.stm client gives additional path information : /1.stmimage/gif, image / x-xbitmap, image / jpeg, image / pjpeg, application / x-shockwave-flash, application / vnd.ms-powerpoint, application / vnd.ms-excel, application / msword, * / *
I have been intake!
I saw a paragraph in the phantom brigade today.
QuoteD from unkown: When the website does not allow files such as ASP CER CDX HTR, upload a STM file, the content is: Direct requests this STM file, Conn.asp In a list, the database path is also in hand!
And after reading the introduction of the SHTML, suddenly realized, finally understood!
It turned out to be as mentioned above.
is an SSI directive, its role is to copy "info.htm" to the current page, when the visitor is browsing, it will see other The contents of INFO.htm are displayed like the HTML document.
I am successful in the local test! Used a Test.STM file in my IIS directory, the content is:
I put a piece of Trojan file in the same directory ok.asp.
Request Test.stm in the browser, there is nothing to reflect, a blank.
But one look at the source code, fainted, it is the content of my ASP file!
This way we can use this to get the web's conn file to get the database path, but a premise is that the server is not deleted with the extension of STM or SHTML!
Thank you again for the guidance of LCX big brother!
