upfile_soft.asp漏洞修补

upfile_soft.asp漏洞修补

很老的一个漏洞,最早学黑的时候利用过,当时只顾拿webshell也不会原理和修补,只知道用挖掘鸡扫,然后明小子动力上传.今天帮看朋友看一学校网站,居然还存在这样的漏洞,顺便研究了一下,修了此漏洞.
修改upfile_class.asp文件,大概在inc文件夹下.
原代码:

oFileInfo.FileName = Mid (sFileName,InStrRev (sFileName, “\”)+1)
oFileInfo.FilePath = Left (sFileName,InStrRev (sFileName, “\”))
oFileInfo.FileExt = Mid (sFileName,InStrRev (sFileName, “.”)+1)

修改为:

oFileInfo.FileName = trim(Mid (sFileName,InStrRev (sFileName, “\”)+1))
oFileInfo.FilePath = trim(Left (sFileName,InStrRev (sFileName, “\”)))
oFileInfo.FileExt = trim(Mid (sFileName,InStrRev (sFileName, “.”)+1))

Tags: 漏洞

This entry was posted on 星期四, 七月 29th, 2010 at 18:38 and is filed under 学习技术. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “upfile_soft.asp漏洞修补”

Unknown Says:
八月 23rd, 2010 at 20:40
如果你不出去走走,你会以为这就是世界.
———————————————-
如果还没走,就以为已经走过了,你会以为这就是世界.
如果出去走走,一去不返了,你会以为这也是世界.
admin Says:
八月 26th, 2010 at 22:24
您真幽默!

Leave a Reply