|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
ASP由于使用了COM组件所以它会变的十分强大,但是这样的强大由于WindowsNT系统最初的设计问题而会引发大量的安全问题。只要在这样的组件或是操作中一不注意,哪么外部攻击就可以取得相当高的权限而导致网站瘫痪或者数据丢失;共有两个页面index.htm是首页.程序对照复杂,次要是用了ASP里的文件操纵工具。<!--index.htm---------------------->
<!DOCTYPEHTMLPUBLIC"-//W3C//DTDHTML4.01Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>UntitledDocument</title>
<metahttp-equiv="Content-Type"content="text/html;charset=gb2312">
</head>
<body>
<tablewidth="770"border="0"align="center"cellpadding="0"cellspacing="0">
<tr>
<td><formname="form1"method="post"action="send.asp">
<tablewidth="100%"border="0"cellpadding="0"cellspacing="0"bgcolor="#CCFFFF">
<tr>
<tdheight="20"><divalign="center">发送动静</div></td>
</tr>
<tr>
<td><divalign="center">
<textareaname="msg"cols="100"rows="6"></textarea>
</div></td>
</tr>
<tr>
<td><divalign="center">
<inputtype="submit"name="Submit"value="Submit">
<inputtype="reset"name="Submit2"value="Reset">
</div></td>
</tr>
</table>
</form></td>
</tr>
</table>
</body>
</html>
//send.asp
<%
functionchan_time(shijian)转换日期工夫函数
s_year=year(shijian)
iflen(s_year)=2thens_year="20"&s_year
s_month=month(shijian)
ifs_month<10thens_month="0"&s_month
s_day=day(shijian)
ifs_day<10thens_day="0"&s_day
s_hour=hour(shijian)
ifs_hour<10thens_hour="0"&s_hour
s_minute=minute(shijian)
ifs_minute<10thens_minute="0"&s_minute
chan_time=s_year&s_month&s_day&s_hour&s_minute
endfunction
functionchan_data(shijian)转换日期工夫函数
s_year=year(shijian)
iflen(s_year)=2thens_year="20"&s_year
s_month=month(shijian)
ifs_month<10thens_month="0"&s_month
s_day=day(shijian)
ifs_day<10thens_day="0"&s_day
chan_data=s_year&s_month&s_day
endfunction
functionchan_file(shijian)转换日期工夫函数
s_month=month(shijian)
ifs_month<10thens_month="0"&s_month
s_day=day(shijian)
ifs_day<10thens_day="0"&s_day
s_hour=hour(shijian)
ifs_hour<10thens_hour="0"&s_hour
s_minute=minute(shijian)
ifs_minute<10thens_minute="0"&s_minute
s_ss=second(shijian)
ifs_ss<10thens_ss="0"&s_ss
chan_file=s_month&s_day&s_hour&s_minute&s_ss
endfunction
top="<html><head><title>news</title></head><body>"
botom="</body></html>"
msg=request.Form("msg")
msg=replace(msg,vbcrlf,"")
msg=replace(msg,chr(9),"")
msg=replace(msg,"","")
msg=replace(msg,"
","<br>")
msg=replace(msg,"
","<br>")
msg=top&msg&botom
Setfs=Server.CreateObject("Scripting.FileSystemObject")
all_tree2=server.mappath("news")&""&chan_data(now)
if(fs.FolderExists(all_tree2))then判别明天的文件夹是不是存在
else
fs.CreateFolder(all_tree2)
endif
pass=chan_file(now)
randomize利用体系计时器来初始化乱数发生器
pass=rnd(pass)
pass=get_pass(pass)
pass=left(pass,10)
file1=pass
files=file1&".txt"
filez=all_tree2&""&files
setts=fs.createtextfile(filez,true)写文件
forz=1tolen(msg)
write_now=mid(msg,z,1)
ts.write(write_now)
next
ts.writeline(all_msg)
ts.close
setts=nothing文件天生
iferr.number0orerrthen%>
<scriptlanguage="javascript">
alert("不克不及完成")
</script>
<%else%>
<scriptlanguage="javascript">
alert("已完成")
history.back();
</script>
<%endif
SetMyFile=fs.GetFile(filez)
all_tree2=server.mappath("news")&""&chan_data(now)
if(fs.FolderExists(all_tree2))then
else
fs.CreateFolder(all_tree2)
endif
MyFile.name=left(MyFile.name,len(MyFile.name)-4)&".htm"
setMyFile=nothing
setfs=nothing
setfdir=nothing
functionget_pass(pass)
pass=cstr(pass)
pass=replace(pass,"","")
pass=replace(pass,"","")
pass=replace(pass,"-","")
pass=replace(pass,"","")
pass=replace(pass,":","")
pass=replace(pass,".","")
pass=replace(pass,"+","")
pass=replace(pass,"_","")
pass=replace(pass,"<","")
pass=replace(pass,">","")
pass=replace(pass,"!","")
pass=replace(pass,"@","")
pass=replace(pass,"#","")
pass=replace(pass,"$","")
pass=replace(pass,"%","")
pass=replace(pass,"^","")
pass=replace(pass,"&","")
pass=replace(pass,"*","")
pass=replace(pass,"(","")
pass=replace(pass,")","")
pass=replace(pass,"=","")
pass=replace(pass,"","")
pass=replace(pass,"/","")
pass=replace(pass,"|","")
get_pass=pass
endfunction
%>
//
把send.asp和index.htm放到你的ASP目次下,然后再建一个news文件夹。翻开扫瞄器,在地点栏里输出:http://你的呆板名/你的ASP假造目次名/index.html输出笔墨,然后提交,OK!看看你的ASP目次里新建的news文件夹里是否是多了个新的文件夹,并且是以以后日期定名的。内里有你方才提交的笔墨,看看是否是天生了HTML文件。怎样,你能够在此基本上做个复杂的旧事公布体系。。
asp是基于web的一种编程技术,可以说是cgi的一种。它可以完成以往cgi程序的所有功能,如计数器、留言簿、公告板、聊天室等等。 |
|