Upload function, looking for a bypass
thesums | 2013-12-25 14:04
Function fnUploadImg(ByVal upFile As HttpPostedFile, ByVal uploadPath As String) As String
    Dim result As String = ""
    Dim intImgSize As Int32
    intImgSize = upFile.ContentLength
    If intImgSize <> 0 Then
        If intImgSize > 500000 Then
            result = "图片太大"
            Return result
            Exit Function
        End If
        Dim strImgType As String = upFile.ContentType
        'Only accept images in .jpg format
        Dim filesplit() As String = Split(strImgType, "/")
        strImgType = filesplit(filesplit.Length - 1)
        If strImgType = "jpg" Or strImgType = "jpeg" Then
        Else
            result = "图片格式错误"
            Return result
            Exit Function
        End If
        filesplit = Split(upFile.FileName, "\")
        Dim filename As String = filesplit(filesplit.Length - 1)
        upFile.SaveAs(Server.MapPath("upload\location\" & uploadPath) & "\" & filename)
        Dim imgpath As String = "upload/location/" & uploadPath & "/" & filename
        result = imgpath
        Return result
    End If
End Function
Related discussion:
1#
thesums | 2013-12-25 14:05
Environment: IIS 7.5
2#
thesums | 2013-12-25 14:06
00 truncation failed
3#
thesums | 2013-12-25 14:11
The uploadPath parameter is not controllable
4#
felixk3y (Just do it!) | 2013-12-25 15:05
Upload any file, capture the request and change the Content-Type to: image/jpeg
5#
乌帽子 (China sure has a lot of scalpers, they are everywhere. WooYun has plenty of them too) | 2013-12-25 15:05
Looks like it only checks the ContentType
6#
thesums | 2013-12-25 15:49
Problem solved, thanks felixk3y and 乌帽子
7#
核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-12-26 09:16
Dim strImgType As String = upFile.ContentType ←★
'Only accept images in .jpg format
Dim filesplit() As String = Split(strImgType, "/")
strImgType = filesplit(filesplit.Length - 1) ←★
If strImgType = "jpg" Or strImgType = "jpeg" Then ←★
Else
    result = "图片格式错误"
    Return result
    Exit Function
End If
filesplit = Split(upFile.FileName, "\") ←★
Dim filename As String = filesplit(filesplit.Length - 1) ←★
upFile.SaveAs(Server.MapPath("upload\location\" & uploadPath) & "\" & filename) ←★
Dim imgpath As String = "upload/location/" & uploadPath & "/" & filename
8#
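核攻击 (Rule the globe, enslave all of humanity! Destroy any organic life form that dares to stand in the way!) | 2013-12-26 09:17
Only "upFile.ContentType" is validated, so arbitrary upload is possible; change ContentType = "jpg" Or "jpeg"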
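
Added example, not part of the original thread: a hardened counterpart to the function discussed above, which trusts only the client-supplied ContentType header and saves under the client-supplied file name. The names SafeUpload and SaveJpegUpload and the targetDir parameter are assumptions; targetDir is taken to be an absolute directory chosen by the server.

```vbnet
Imports System
Imports System.IO
Imports System.Web

Public Module SafeUpload
    Private Const MaxBytes As Integer = 500000   ' same size limit as the original function

    ' Hypothetical replacement for fnUploadImg (names are assumptions, see lead-in).
    ' Returns the server-generated file name, or "" when nothing was uploaded.
    Public Function SaveJpegUpload(ByVal upFile As HttpPostedFile, ByVal targetDir As String) As String
        If upFile Is Nothing OrElse upFile.ContentLength = 0 Then Return ""
        If upFile.ContentLength > MaxBytes Then Throw New InvalidDataException("too large")

        ' 1. The stored extension decides how IIS handles the file, so allowlist it.
        '    upFile.ContentType is a request header set by the client and is never consulted.
        Dim ext As String = Path.GetExtension(Path.GetFileName(upFile.FileName)).ToLowerInvariant()
        If ext <> ".jpg" AndAlso ext <> ".jpeg" Then Throw New InvalidDataException("bad extension")

        ' 2. Check the JPEG signature (FF D8 FF) in the uploaded content itself.
        Dim head(2) As Byte
        Dim s As Stream = upFile.InputStream
        s.Position = 0
        If s.Read(head, 0, 3) <> 3 OrElse head(0) <> &HFF OrElse
           head(1) <> &HD8 OrElse head(2) <> &HFF Then
            Throw New InvalidDataException("not a JPEG")
        End If
        s.Position = 0

        ' 3. Never reuse the client's file name: generate one on the server
        '    with a fixed extension, so the stored name cannot end in a script type.
        Dim storedName As String = Guid.NewGuid().ToString("N") & ".jpg"
        upFile.SaveAs(Path.Combine(targetDir, storedName))
        Return storedName
    End Function
End Module
```

The signature check only confirms the first three bytes; it is the extension allowlist together with the server-generated name that keeps the stored file from being mapped to a script handler.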