վϵͳļ©

©汾:

ACCESSSQL

 ©:

<%
Dim url,strUrl,strPath
url = Replace(Replace(Replace(Request("url"), "'", ""), "%", ""), "\", "/")
//ȽһЩַ滻'ɿգ%Ҳɿգ\/

If Len(url) > 3 Then
 If Left(url,1) = "/" Then
 Response.Redirect url //ûύurlһַ/ֱתurl
 End If
 If Left(url,3) = "../" Then
 Response.Redirect url //ͬϣ˼ǲ../תĿ¼
 End If
 strUrl = Left(url,10)
 If InStr(strUrl, "://") > 0 Then //://ʲôõ
 Response.Redirect url
 End If
 If InStr(url, "/") > 0 Then
 strPath = Server.MapPath(".") & "\" & url //ַ
 strPath = Replace(strPath, "/", "\") //滻/Ϊ\
 Call downThisFile(strPath) //HOHOʼ
 Else
 Response.Redirect url
 End If
End If

Sub downThisFile(thePath)
 Response.Clear
 On Error Resume Next
 Dim stream, fileName, fileContentType
 
 fileName = split(thePath,"\")(UBound(split(thePath,"\")))
 Set stream = Server.CreateObject("adodb.stream")
 stream.Open
 stream.Type = 1
 stream.LoadFromFile(thePath)
 Response.AddHeader "Content-Disposition", "attachment; filename=" & fileName
 Response.AddHeader "Content-Length", stream.Size
 Response.Charset = "UTF-8"
 Response.ContentType = "application/octet-stream"
 Response.BinaryWrite stream.Read 
 Response.Flush
 stream.Close
 Set stream = Nothing
End Sub
%>

 <* ο
http://www.2456.org.cn/myblog/article.asp?id=643
 *>
Է:

@Sebug.net   dis
վṩ()ܴй,ȫоѧ֮,Ը!1.ƺurlˣǲ../תĿ¼ġǣж../֣жurlǰַѡԣٺ٣ǰַ../ѵҺ治ǹһurlΪ"uploadfile/../../conn.asp"ĵַhttp://127.0.0.1/flash/downfile.asp?url=uploadfile/../../conn.aspٺ١conn.aspļ˰ɡ2.վõ˻ͦ