
eWebEditor v3.8 列目錄_ASP教程



   標題:asp eWebEditor v3.8 列目錄漏洞(其他版本未測試)

  漏洞文件:asp/browse.asp

  漏洞產生:

 ' InitParam: reads the "type", "style", "cusdir" and "dir" request parameters
 ' and derives sUploadDir, sContentPath, sAllowExt and sCurrDir from them.
 ' The listing is quoted unchanged from asp/browse.asp as the code in which the
 ' directory-listing flaw arises; the weak point is the "dir" handling at the end.
 Sub InitParam()

     ' Raw request parameters, trimmed; "type" is also upper-cased.
     sType = UCase(Trim(Request.QueryString("type")))
     sStyleName = Trim(Request.QueryString("style"))
     sCusDir = Trim(Request.QueryString("cusdir"))

     ' Look up the requested style: each aStyle entry is split on "|||" and its
     ' field 0 is compared case-insensitively with the requested name.
     Dim i, aStyleConfig, bValidStyle
     bValidStyle = False
     For i = 1 To Ubound(aStyle)
         aStyleConfig = Split(aStyle(i), "|||")
         If Lcase(sStyleName) = Lcase(aStyleConfig(0)) Then
             bValidStyle = True
             Exit For
         End If
     Next
     ' NOTE(review): OutScript is defined elsewhere; whether it ends the response
     ' is not visible here. If it returns, the code below keeps running with the
     ' last aStyleConfig that was split - confirm.
     If bValidStyle = False Then
         OutScript("alert('Invalid Style.')")
     End If

     ' Per-style settings, read by index (meanings taken from the variable names).
     sBaseUrl = aStyleConfig(19)
     nAllowBrowse = CLng(aStyleConfig(43))
     nCusDirFlag = Clng(aStyleConfig(61))
     If nAllowBrowse <> 1 Then
         OutScript("alert('Do not allow browse!')")
     End If

     ' cusdir is validated by rejection: after "\" is normalised to "/", the value
     ' is emptied when it starts with "/" or ".", ends with ".", or contains "./",
     ' "/." or "//". Otherwise a trailing "/" is ensured.
     If nCusDirFlag <> 1 Then
         sCusDir = ""
     Else
         sCusDir = Replace(sCusDir, "\", "/")
         If Left(sCusDir, 1) = "/" Or Left(sCusDir, 1) = "." Or Right(sCusDir, 1) = "." Or InStr(sCusDir, "./") > 0 Or InStr(sCusDir, "/.") > 0 Or InStr(sCusDir, "//") > 0 Then
             sCusDir = ""
         Else
             If Right(sCusDir, 1) <> "/" Then
                 sCusDir = sCusDir & "/"
             End If
         End If
     End If

     ' An upload directory that is not root-relative gets a "../" prefix.
     sUploadDir = aStyleConfig(3)
     If Left(sUploadDir, 1) <> "/" Then
         sUploadDir = "../" & sUploadDir
     End If

     ' The content path depends on the style's base-URL mode.
     Select Case sBaseUrl
     Case "0"
         sContentPath = aStyleConfig(23)
     Case "1"
         sContentPath = RelativePath2RootPath(sUploadDir)
     Case "2"
         sContentPath = RootPath2DomainPath(RelativePath2RootPath(sUploadDir))
     End Select
     sUploadDir = sUploadDir & sCusDir
     sContentPath = sContentPath & sCusDir

     ' Extension allow-list per browse type; "FILE" leaves the list empty.
     Select Case sType
     Case "FILE"
         sAllowExt = ""
     Case "MEDIA"
         sAllowExt = "rm|mp3|wav|mid|midi|ra|avi|mpg|mpeg|asf|asx|wma|mov"
     Case "FLASH"
         sAllowExt = "swf"
     Case Else
         sAllowExt = "bmp|jpg|jpeg|png|gif"
     End Select

     sCurrDir = sUploadDir

     ' "dir" is read with Request(...), not Request.QueryString, so it can arrive
     ' in any request collection that ASP searches, not only the query string.
     ' The author's three sample inputs:
     '   case 1: dir = ../    case 2: dir = ...//    case 3: dir = .....///
     sDir = Trim(Request("dir"))
     sDir = Replace(sDir, "\", "/")  ' filter 1
     sDir = Replace(sDir, "../", "") ' filter 2 - case 1 is removed here
     sDir = Replace(sDir, "./", "") ' filter 3 - case 2 is removed here too, but case 3 has become "../" by this point. An interesting bypass; quite a few CMSes seem to filter this way.
     ' Root cause: each Replace is one pass and its output is never re-checked, so
     ' deleting a sequence can join the characters around it into the sequence the
     ' filter was meant to remove.
     ' NOTE(review): the cusdir branch above rejects a suspicious value instead of
     ' rewriting it; applying the same reject-on-match rule to sDir (including any
     ' ".." segment) and confirming the mapped path is still inside the upload
     ' root would close this. CheckValidDir is defined elsewhere; whether it
     ' enforces containment is not visible here - confirm.
     If sDir <> "" Then
         If CheckValidDir(Server.Mappath(sUploadDir & sDir)) = True Then
             sCurrDir = sUploadDir & sDir & "/"
         Else
             sDir = ""
         End If
     End If
 End Sub


來源:模板無憂//所屬分類:ASP教程/更新時間:2013-05-31