Use ASP and asp.net to create folders and files.

Asp.net| Create

Asp:

<%
Sub WriteFile (file)
Response.Write "File:" +file
Dim FSO, TF
Set fso = CreateObject ("Scripting.FileSystemObject")
Set tf = fso. CreateTextFile (file, True)
Tf. WriteLine ("Testing 1, 2, 3.")
Tf. WriteBlankLines (3)
' Write a line.
Tf. Write ("This is a test.")
Tf. Close
Set tf = Nothing
Set fso = Nothing
End Sub

Sub CreateFolder (PATH)
Dim Fso,fldr
Set fso = CreateObject ("Scripting.FileSystemObject")
Set Fldr = fso. CreateFolder (PATH)
Response.Write "Create directory:" &fldr. Name
Set Fldr = Nothing
Set fso = Nothing
End Sub

Path = Request.QueryString ("path")
filename = request.querystring ("filename")
File = path + "\" + filename
If path<> "" or filename<> "" Then
CreateFolder (PATH)
WriteFile (file)
End If
%>

asp.net

<%@ Page language= "C #" debug= "true" contenttype= "text/html" responseencoding= "gb2312"%>
<%@ Import namespace= "System.Diagnostics"%>
<%@ Import namespace= "System.IO"%>

<%
String filestr=request.params["file"]+ "";
Filestr=filestr. Trim ();
if (filestr== "") {
Response.Write ("File is null<p>");
Return
}

Response.Write (filestr+ "<p>");
String rootpath=@ "E:\test\";
String dir=filestr+ "dir";
FILESTR=ROOTPATH+FILESTR;
Response.Flush ();

if (directory.exists (Rootpath+dir)) Response.Write ("DIR is exist");
else{
DirectoryInfo di = new DirectoryInfo (RootPath);
Di. Createsubdirectory (dir);
Response.Write ("Create dir:" +directory.createdirectory (dir));
}

Response.Write ("Start Write file str<p>");
Response.Flush ();

using (StreamWriter sw = new StreamWriter (FILESTR))
{
String line= "Test Ming";
Sw. Write (line);
Sw. Close ();
}
%>

Summary: ASP and asp.net can create folders and files, ASP is using FSO components, and asp.net is a class library, so when the ASP does not support FSO, the above code can not work, and asp.net will not have this problem. However, the asp.net operation requires sufficient permissions, and the ASP appears to have this vulnerability.