ewebeditor文本编辑器上传漏洞问题
ewebeditor文本编辑器上传漏洞问题
我在网上找资料说:
在Upload.asp文件里面,找到这句话sAllowExt = Replace(UCase(sAllowExt), "ASP", "")可是我找不到这句话吖
把这句话替换为
Do While InStr(sAllowExt, "ASP") or InStr(sAllowExt, "CER") or InStr(sAllowExt, "ASA") or InStr(sAllowExt, "CDX") or InStr(sAllowExt, "HTR")
sAllowExt = Replace(sAllowExt, "ASP", "")
sAllowExt = Replace(sAllowExt, "CER", "")
sAllowExt = Replace(sAllowExt, "ASA", "")
sAllowExt = Replace(sAllowExt, "CDX", "")
sAllowExt = Replace(sAllowExt, "HTR", "")
sAllowExt = Replace(sAllowExt, "CGI", "")
sAllowExt = Replace(sAllowExt, "ASPX", "")'
sAllowExt = Replace(sAllowExt, "ASP .JPG", "")
sAllowExt = Replace(sAllowExt, "CER .JPG", "")
sAllowExt = Replace(sAllowExt, "ASA .JPG", "")
sAllowExt = Replace(sAllowExt, "CDX .JPG", "")
sAllowExt = Replace(sAllowExt, "HTR .JPG", "")
sAllowExt = Replace(sAllowExt, "CGI .JPG", "")
sAllowExt = Replace(sAllowExt, "ASPX .JPG", "")
Loop