Function Chkfile (FileName)
Dim temp,filetype,f
Chkfile=false
Filetype=lcase (FileName, ".") (UBound (FileName, ".")))
temp= "|asp|aspx|cgi|php|cdx|cer|asa|"
If Instr (Temp, "|") &filetype "|") >0 Then Chkfile=true
F=replace (Request ("FileName"), ".", "" "
If InStr (1,F,CHR) >0 or InStr (1,F,CHR) >0 or InStr (1,F,CHR) >0 Then
End Function
When you check the download file type, you can download it only when you are not the types.
So there are vulnerabilities that we can construct such a download
Http://www.yimxu.com/bbs/ViewFile.asp?filename=../../inc/conn.asp%20
Note that a number of% 20 is appended, representing the space.
Savemyinfo ()
noticed that
Sex=yxbbs.fun.getstr ("Sex")
Qq=yxbbs.fun.getstr ("QQ")
Isqqpic=yxbbs.fun.getstr ("Isqqpic")
Public Function getstr (STR)
str = Trim (Request.Form (str))
If IsEmpty (STR) Then
STR = ""
Else
str = Replace (str, "{", "{")
str = Replace (str, "}", "}")
str = Replace (str, "'", "'")
str = Replace (str, "|", "|")
End If
Getstr = Trim (STR)
End Function
sex= "&Sex&",
As you can see, Sex can be constructed into 1,sql injection statements ... The impact on the ASSCEE database is not too great, but the SQL statement is very influential.
3. Multiple cross-station vulnerabilities
Function
Public Function UBBG (str)
Dim RE
Set re=new REGEXP
Re. Ignorecase=true
Re. Global=true
Re. Pattern= "(javascript:) | ( <) | (>) | (height) | (width) | (JScript:) | (object) | (script) | (JS:) | (VBScript:) |
(VBS:) | (\.value) | (about:) | (File:) | (Document.cookie) | (On (mouse| exit|error|click|key|load))) "
Str=re. Replace (str, "")
Re. Pattern= "(&#)"
Str=re. Replace (str, "&#")
Set re=nothing
Ubbg=str
End Function
Because the worry is empty, so it can be constructed
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.