- 漏洞位置:/online_test/jinwen/add_pic.asp
源代码
<!-- #Include file="dsn.asp"-->
<!--#include file="SundyUpload.asp"-->
<%
Set objUpload = new SundyUpload
xmlPath = Server.MapPath("1.xml")
objUpload.UploadInit xmlPath,"utf-8"
For Each fileFormName In objUpload.objFile
Set objFile=objUpload.objFile(fileFormName)
fileSize = objFile.FileSize
fileName = objFile.FileName
If fileSize > 0 Then
yy = year(date)
mm = right("0" & month(date),2)
dd = right("0" & day(date),2)
qstr = "select top 1 * from tblupload_img where test='1' and substring(img_filename,1,8)='" & yy & mm & dd & "' order by sn desc"
rs.open qstr,connJ,1,1
if rs.eof then
fn = yy & mm & dd & "0001"
else
fn = yy & mm & dd & right("000" & (Clng(mid(rs("img_filename"),9,4))+1),4)
end if
Arr_ext = split(fileName,".")
fn = fn & "." & Arr_ext(Ubound(Arr_ext))
objFile.SaveAs Server.MapPath(".")& "\upload_img\" & fn
else
fn = ""
End If
Next
qstr = "Insert into tblupload_img(img_filename) values('" & fn & "')"
'response.write qstr
'response.end
ConnJ.Execute(qstr)
response.redirect "add_pic.asp"
%>上传后保存路径:/online_test/jinwen/upload_img/202209230001.asp
没有回复内容