Loveyukis BLOG vulnerability patch

Source: Internet
Author: User

Author: I also want to explain it! Of course it's xiaolu! Pai_^
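The following is the patched source code; replace the original file with it. In the listing, the upload branch runs only when memStatus is "SupAdmin" or "Admin", and a file is saved only after it passes the UP_FileSize limit and the IsvalidFile type check. (The listing below is cut off before the end of the script, and its spacing was altered in translation.)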

<! -- # Include file = "commond. asp" -->
<! -- # Include file = "include/function. asp" -->
<! -- # Include file = "include/upfile. asp" -->
<% On Error Resume Next %>
<Head>
<Meta http-equiv = "Content-Type" content = "text/html; charset = UTF-8">
<Style type = "text/css">
<! --
Body {
Font-size: 12px;
Font-family: Tahoma, Verdana, "";
}
Table {
Font-family: Tahoma, Verdana, "";
Color: #000000;
Font-size: 12px;
Word-break: break-all;
}
A: link, a: visited {
Text-decoration: none;
Color: #003366;
Font-family: Tahoma, Verdana, "";
}
A: hover {
Text-decoration: none;
Color: # FF0000;
Font-family: Tahoma, Verdana, "";
}
Textarea, input, object {
Font-family: Tahoma, Verdana, "";
Font-size: 12px;
Color: #000000;
Font-weight: normal;
Background-color: # FFFFFF
}
-->
</Style>
</Head>
<Body leftmargin = "0" topmargin = "0" marginwidth = "0" marginheight = "0">
<Table width = "100%" border = "0" cellspacing = "0" cellpadding = "0" bgcolor = "# FFFFFF">
<Tr> <%
Server. ScriptTimeOut = 999
IF memStatus = "SupAdmin" OR memStatus = "Admin" Then
IF Request. QueryString ("action") = "upload" Then
Response. Write ("<td> ")
' Work out the destination folder and the stored file name for this upload.
'
' Probe for FileSystemObject. The page runs under On Error Resume Next, so a
' failed CreateObject does not stop the script; it only sets Err, which is
' tested by hand and recorded in FSOIsOK (1 = usable, 0 = not available).
Dim FSO, FSOIsOK
FSOIsOK = 1
Set FSO = Server. createObject ("Scripting. FileSystemObject ")
If Err <> 0 Then
Err. Clear
FSOIsOK = 0
End If
' D_Name is the sub-folder of attachments/ the file is written to.
' With FSO available it is built from the current date via DateToStr (defined
' elsewhere) and created on first use; otherwise a fixed folder name is used.
' NOTE(review): errors from FolderExists/createFolder are also silenced by
' On Error Resume Next and are not checked here, so a failed folder creation
' would only surface when the file is saved. Confirm this is acceptable.
Dim D_Name, F_Name
If FSOIsOK = 1 Then
D_Name = "month _" & DateToStr (Now (), "ym ")
If FSO. FolderExists (Server. MapPath ("attachments/" & D_Name) = False Then
FSO. createFolder Server. MapPath ("attachments/" & D_Name)
End If
Else
D_Name = "All_Files"
End If
Set FSO = Nothing
' Upload_File is not declared in this listing (presumably it comes from one of
' the included files). GetDate (-1) presumably parses the posted form data.
' TODO confirm against that class.
Dim FileUP
Set FileUP = New Upload_File
FileUP. GetDate (-1)
Dim F_File, F_Type
Set F_File = FileUP. File ("File ")
' Stored name = Generator (1) output + current date/time parts + the uploaded
' file's extension. No other part of the uploaded file's name is used in the
' path; only FileExt is carried over.
' NOTE(review): FileExt presumably derives from the client-supplied file name,
' so treat it as untrusted until the IsvalidFile check that follows. Confirm
' that IsvalidFile is an allow-list which excludes server-executable types,
' since the file is saved under the web-served attachments/ folder.
F_Name = Generator (1) & Year (now) & Month (now) & Day (now) & Hour (now) & Minute (now) & Second (now )&". "& F_File.FileExt
' Upper-cased so the later type comparisons match regardless of letter case.
F_Type = Ucase (F_File.FileExt)
IF F_File.FileSize> Int (UP_FileSize) Then
Response. Write ("<a href = javascript: history. go (-1);> the file size exceeds. Please return and upload again </a> ")
ElseIF IsvalidFile (F_Type) = False Then
Response. Write ("<a href = javascript: history. go (-1);> the file format is invalid. please upload it again </a> ")
Else
F_File.SaveToFile Server. MapPath ("attachments/" & D_Name & "/" & F_Name)
Select Case F_Type
Case "GIF"
Response. write ("<SCRIPT> parent. input. message. value + = [img] attachments/"& D_Name &"/"& F_Name &" [/img] </SCRIPT> ")
Case "JPG"
Response. write ("<SCRIPT> parent. input. message. value + = [img] attachments/"& D_Name &"/"& F_Name &" [/img] </SCRIPT> ")
Case "JPEG"
Response. write ("<SCRIPT> parent. input. message. value + = [img] attachments/"& D_Name &"/"& F_Name &" [/img] </SCRIPT> ")
Case "PNG"
Response. write ("<SCRIPT> parent. input. message. value + = [img] attachments/"& D_Name &"/"& F_Name &" [/img] </SCRIPT> ")
Case "SWF"
Response. write ("<SCRIPT> parent. input. message. value + = [swf] attachments/"& D_Name &"/"& F_Name &" [/swf] </SCRIPT> ")
Case "WMA"
Response. write ("<SCRIPT> parent. input. message. value + = [wma] attachments/"& D_Name &"/"& F_Name &" [/wma] </SCRIPT> ")
Case "MP3"
Response. write ("<SCRIPT> parent. input. message. value + = [wma] attachments/"& D_Name &"/"& F_Name &" [/wma] </SCRIPT> ")
Case "MIDI"
Response. write ("<SCRIPT> parent. input. message. value + = [mid] attachments/"& D_Name &"/"& F_Name &" [/mid] </SCRIPT> ")
Case "AVI"
Response. write ("<SCRIPT> parent. input. message. value + = [wmv] attachments/"& D_Name &"/"& F_Name &" [/wmv] </SCRIPT> ")
Case "WMV"
Response. write ("<SCRIPT> parent. input. message. value + = [wmv] attachments/"& D_Name &"/"& F_Name &" [/wmv] </SCRIPT> ")
Case "RA"
Response. write ("<SCRIPT> parent. input. message. value + = [ra] attachments/"& D_Name &"/"& F_Name &" [/ra] </SCRIPT> ")
Case "RM"
Response. Write ("<SCRIPT> parent. input. message. value + =
</SCRIPT> ")
Case "RMVB"
Response. Write ("<SCRIPT> parent. input. message. value + =
</SCRIPT> ")
Case "MOV"
& Nb
