网站中的隐形炸弹eWebEditor文件上传漏洞补丁
打开upload.asp文件
找到下面代码:
<%
sallowext = replace(ucase(sallowext), "asp", "")
%>
改为:
<%
sallowext = ucase(sallowext)
do while instr(sallowext, "asp") or instr(sallowext, "cer") or instr(sallowext, "asa") or instr(sallowext, "cdx") or instr(sallowext, "htr")
sallowext = replace(sallowext, "asp", "")
sallowext = replace(sallowext, "cer", "")
sallowext = replace(sallowext, "asa", "")
sallowext = replace(sallowext, "cdx", "")
sallowext = replace(sallowext, "htr", "")
loop
%>
转自:kinjava日志:
如对本文有疑问,
点击进行留言回复!!
网友评论