Function fnUploadImg(ByVal upFile As HttpPostedFile, ByVal uploadPath As String) As String Dim result As String = "" Dim intImgSize As Int32 intImgSize = upFile.ContentLength If intImgSize <> 0 Then If intImgSize > 500000 Then result = "图片太大" Return result Exit Function End If Dim strImgType As String = upFile.ContentType '只接受.jpg格式的图片 Dim filesplit() As String = Split(strImgType, "/") strImgType = filesplit(filesplit.Length - 1) If strImgType = "jpg" Or strImgType = "jpeg" Then Else result = "图片格式错误" Return result Exit Function End If filesplit = Split(upFile.FileName, "\") Dim filename As String = filesplit(filesplit.Length - 1) upFile.SaveAs(Server.MapPath("upload\location\" & uploadPath) & "\" & filename) Dim imgpath As String = "upload/location/" & uploadPath & "/" & filename result = imgpath Return result End If End Function 突破方法:上传任意文件,抓包修改Content-Type为:image/jpeg
查看更多关于简单分析一个上传函数 上传漏洞突破 - 网站安的详细内容...
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://www.haodehen.cn/did15714