|
|
大家测试看看代码安全不??:(:(:(:(:(
[url]http://www.7765.com/mp3/[/url]
以下代码可以随便改任意*.asp名字!
=========================================
<%@ LANGUAGE = VBScript %>
<%Server.ScriptTimeout=5000%>
<HTML>
<HEAD>
<TITLE>声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取下载系统!</TITLE>
<style type="text/css">
body,table {font-size: 12px; font-family: Tahoma, Verdana }
</style></HEAD>
<BODY topmargin=0>
<%
okdir="E:\music\kevan\mp3"
'=============== 默 认 读 取 路 径 开 始 =====================
'_______________________{Power by kevanTM All Rights Reserved.}_________________________
bys=17
'=====安全路径保护字节限制,例如:[ E:\music\kevan\mp3 ]中共有18-1个字节=============
thisdir=Request("Path")
if thisdir="" or len(thisdir)<bys then
thisdir=okdir
end if
%>
<%
k=5
e=0
v=0
a=2
n=1
t=3
e=8
l=8
Response.Write"<!--"& vbCrLf
Response.Write"Generator: 风之轩 [url]http://www.7765.com[/url]"& vbCrLf
Response.Write"This Page Start Data: "&now&""& vbCrLf
Response.Write"Original Author: kevanTM"& vbCrLf
Response.Write"Contact Email: [email]VAVA@TOM.COM[/email]"& vbCrLf
Response.Write"Contact OICQ: "&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&""& vbCrLf
Response.Write"风之轩([url]WWW.7765.COM)[/url]版权所有,KevanTM出品!"& vbCrLf
Response.Write"-->"& vbCrLf
if Request.QueryString("mp3")<>"" then
FileName = Request.QueryString("mp3")
strFile=FileName
if FileName="" or len(FileName)<17 Then
Response.Write("<h1>错误:</h1>无效文件名!请您不要乱提交参数路径!<p>")
Response.End
End if
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
Response.Write("<h1>错误:</h1>" & FileName & "KevanTM系统强行禁止您不许下载这个文件!<p>")
Response.End
End Select
strFilename = strFile
Response.Buffer = True
Response.Clear
Set s = Server.CreateObject("ADODB.Stream")
s.Open
s.Type = 1
on error resume next
Set fso = Server.CreateObject("Scripting.FileSystemObject")
if not fso.FileExists(strFilename) then
Response.Write("<h1>错误:</h1>" & strFilename & "该文件不存在于服务器里面!<p>")
Response.End
end if
Set f = fso.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
if err then
Response.Write("<h1>错误:</h1>" & err.Description & "无数据流!<p>")
Response.End
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
end if
Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write "<table width='100%' cellpadding='2' cellspacing='2'>"
function getUpfoldersString(temp)
temps=StrReverse(temp)
temps=replace(temps,"/","\")
if right(temp,1)="\" or right(temp,1)="/" then
temps=replace(temp,"\","")
end if
temps=StrReverse(mid(temps,inStr(temps,"\")+1))
getUpfoldersString=temps
End function
if Request("Path")<>"" or len(Request("Path"))>bys then
response.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&"?Path="&server.urlencode(getUpfoldersString(thisdir))&">[ <font color=#ff6600><b>点击这里返回上一级目录</b></font> ]</a>当前目录为:"&thisdir&"</td></tr>"
else
response.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&">[ <font color=#ff6600><b>首 目 录 列 表</b></font> ]</a></td></tr>"
if right(thisdir,1)="\" or right(thisdir,1)="/" then
thisdir=replace(thisdir,"\","")
end if
end if
dim i
For each thing in fdir.SubFolders
Response.Write "<tr><td><font color=#efefee>-------------------></font> [ <font color=red><b><a href='"&Request.Servervariables("SCRIPT_NAME")&"?Path=" & server.urlencode(thisdir) & "\" & server.urlencode(thing.Name) & "'>" & thing.Name & "</a></b></font> ]</td><td>注释:" & thing.Name & "目录文件夹</td></tr>"
Next
response.write "</table>"
Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write "<table width='100%' cellpadding='2' cellspacing='2'>"
response.write "<tr><td bgcolor='#cccccc'>声音文件名称</td><td bgcolor='#cccccc'>体积大小</td><td bgcolor='#cccccc'>音频类型</td></tr>"
dim strExt
For each thing in fdir.Files
response.write "<tr>"
'==================================读取.mp3文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".mp3"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取.wma文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".wma"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取.wmv文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".wmv"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取.rm文件格式===========================
strExt=lcase(right(thing.Name,3))
select case strExt
case ".rm"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取.asf文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".asf"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取.ram文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".ram"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
end select
'==================================读取结束===================================
response.write "<tr>"
Next
response.write "</table>"
response.write "<center><hr>已经完成读取该< "&thisdir&" >目录里所有的声音文件,读取结束完毕!<hr><DIV align=RIGHT><a href='http://www.7765.com' title='www.7765.com KevanTM制作 QQ:50021388' style='color: #004080' target='_blank'>Powered by <b>Kevan™</b> <b style='color:#FF9900'>Ver1.0</b> © 2004 All Rights Reserved.</a></DIV></center>"
set fs=nothing
%>
</BODY>
</HTML>
=========================================
(出处:风闪网路学院)
|
|
