声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取下载系统

大家测试看看代码安全不？？:(:(:(:(:(

[url]http://www.7765.com/mp3/[/url]

以下代码可以随便改任意*.ASP名字！

=========================================

<%@ LANGUAGE = VBScript %>
<%Server.ScriptTimeout=5000%>
<Html>
<HEAD>
<TITLE>声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取下载系统!</TITLE>
<style type="text/Css">
body,table {font-size: 12px; font-family: Tahoma, Verdana }
</style></HEAD>
<BODY topmargin=0>
<%
okdir="E:\music\kevan\mp3"

'=============== 默 认 读 取 路 径 开 始 =====================

'_______________________{Power by kevanTM All Rights Reserved.}_________________________

bys=17

'=====安全路径保护字节限制,例如:[ E:\music\kevan\mp3 ]中共有18-1个字节=============

thisdir=Request("Path")

if thisdir="" or len(thisdir)<bys then

thisdir=okdir

end if
%>
<%
k=5
e=0
v=0
a=2
n=1
t=3
e=8
l=8
Response.Write"<!--"& vbCrLf
Response.Write"Generator: 风之轩 [url]http://www.7765.com[/url]"& vbCrLf
Response.Write"This Page Start Data: "&now&""& vbCrLf
Response.Write"Original Author: kevanTM"& vbCrLf
Response.Write"Contact Email: [email][email protected][/email]"& vbCrLf
Response.Write"Contact OICQ: "&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&""& vbCrLf
Response.Write"风之轩([url]WWW.7765.COM)[/url]版权所有,KevanTM出品！"& vbCrLf
Response.Write"-->"& vbCrLf
if Request.QueryString("mp3")<>"" then
FileName = Request.QueryString("mp3")
strFile=FileName
if FileName="" or len(FileName)<17 Then
  Response.Write("<h1>错误：</h1>无效文件名！请您不要乱提交参数路径！<p>")
    Response.End
End if
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
    Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
  Response.Write("<h1>错误：</h1>" & FileName & "　KevanTM系统强行禁止您不许下载这个文件！<p>")
  Response.End
End Select
strFilename = strFile
Response.Buffer = True
Response.Clear
Set s = Server.CreateObject("ADODB.Stream")
s.Open
s.Type = 1
on error resume next
Set fso = Server.CreateObject("Scripting.FileSystemObject")
if not fso.FileExists(strFilename) then

[1] [2] [3] [4]  

  Response.Write("<h1>错误：</h1>" & strFilename & "　该文件不存在于服务器里面！<p>")
  Response.End
end if
Set f = fso.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
if err then
  Response.Write("<h1>错误：</h1>" & err.Description & "　无数据流！<p>")
  Response.End
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
  Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
end if

Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write "<table width='100%' cellpadding='2' cellspacing='2'>"
function getUpfoldersString(temp)

temps=StrReverse(temp)
temps=replace(temps,"/","\")
if right(temp,1)="\" or right(temp,1)="/" then
temps=replace(temp,"\","")
end if
temps=StrReverse(mid(temps,inStr(temps,"\")+1))
getUpfoldersString=temps

End function

if Request("Path")<>"" or len(Request("Path"))>bys then
response.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&"?Path="&server.urlencode(getUpfoldersString(thisdir))&">[ <font color=#ff6600><b>点击这里返回上一级目录</b></font> ]</a>　　当前目录为："&thisdir&"</td></tr>"
else
response.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&">[ <font color=#ff6600><b>首 目 录 列 表</b></font> ]</a></td></tr>"
if right(thisdir,1)="\" or right(thisdir,1)="/" then
   thisdir=replace(thisdir,"\","")
end if
end if
dim i
For each thing in fdir.SubFolders
Response.Write "<tr><td><font color=#efefee>-------------------></font>  [ <font color=red><b><a href='"&Request.Servervariables("SCRIPT_NAME")&"?Path=" & server.urlencode(thisdir) & "\" & server.urlencode(thing.Name) & "'>" & thing.Name & "</a></b></font> ]</td><td>注释：" & thing.Name & "目录文件夹</td></tr>"
Next
response.write "</table>"
Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write "<table width='100%' cellpadding='2' cellspacing='2'>"
response.write "<tr><td bgcolor='#cccccc'>声音文件名称</td><td bgcolor='#cccccc'>体积大小</td><td bgcolor='#cccccc'>音频类型</td></tr>"
dim strExt
For each thing in fdir.Files
response.write "<tr>"
'==================================读取.mp3文件格式===========================

 [1] [2] [3] [4]  

        strExt=lcase(right(thing.Name,4))
        select case strExt
        case ".mp3"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取.wma文件格式===========================
        strExt=lcase(right(thing.Name,4))
        select case strExt
        case ".wma"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取.wmv文件格式===========================
        strExt=lcase(right(thing.Name,4))
        select case strExt
        case ".wmv"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取.rm文件格式===========================
        strExt=lcase(right(thing.Name,3))
        select case strExt
        case ".rm"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取.asf文件格式===========================

 [1] [2] [3] [4]  

        strExt=lcase(right(thing.Name,4))
        select case strExt
        case ".asf"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取.ram文件格式===========================
strExt=lcase(right(thing.Name,4))
        select case strExt
        case ".ram"
Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name &  "</a></td>"
response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>"
        end select
'==================================读取结束===================================
response.write "<tr>"
Next
response.write "</table>"
response.write "<center><hr>已经完成读取该< "&thisdir&" >目录里所有的声音文件，读取结束完毕！<hr><DIV align=RIGHT><a href='http://www.7765.com' title='www.7765.com  KevanTM制作  QQ：50021388' style='color: #004080' target='_blank'>Powered by <b>Kevan™</b> <b style='color:#FF9900'>Ver1.0</b> &copy; 2004 All Rights Reserved.</a></DIV></center>"
set fs=nothing
%>
</BODY>
</HTML>

=========================================

（出处：http://www.sheup.com）

 [1] [2] [3] [4] 

set fs=nothing
%>
</BODY>
</HTML>

=========================================

（出处：http://www.sheup.com）

 [1] [2] [3] [4] [5] 

response.write "<tr>"
Next
response.write "</table>"
response.write "<center><hr>已经完成读取该< "&thisdir&" >目录里所有的声音文件，读取结束完毕！<hr><DIV align=RIGHT><a href='http://www.7765.com' title='www.7765.com  KevanTM制作  QQ：50021388' style='color: #004080' target='_blank'>Powered by <b>Kevan™</b> <b style='color:#FF9900'>Ver1.0</b> &copy; 2004 All Rights Reserved.</a></DIV></center>"
set fs=nothing
%>
</BODY>
</HTML>

=========================================

（出处：http://www.sheup.com）

 [1] [2] [3] [4] [5] [6]