[建筑]声音文件 MP3RMRAMWMVASFWMA 无限目录读取下载系统.doc

大家测试看看代码安全不？:(:(:(:(:(urlhttp:/www.7765.com/mp3/url以下代码可以随便改任意*.asp名字！=<% LANGUAGE = VBScript %><%Server.ScriptTimeout=5000%><HTML><HEAD><TITLE>声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取下载系统!</TITLE><style type="text/css">body,table font-size: 12px; font-family: Tahoma, Verdana </style></HEAD><BODY topmargin=0><%okdir="E:musickevanmp3"'= 默 认 读 取 路 径 开 始 ='_Power by kevanTM All Rights Reserved._bys=17'=安全路径保护字节限制,例如: E:musickevanmp3 中共有18-1个字节=thisdir=Request("Path")if thisdir="" or len(thisdir)<bys thenthisdir=okdirend if%><%k=5e=0v=0a=2n=1t=3e=8l=8Response.Write"<!-"& vbCrLfResponse.Write"Generator: 风之轩 urlhttp:/www.7765.com/url"& vbCrLfResponse.Write"This Page Start Data: "&now&""& vbCrLfResponse.Write"Original Author: kevanTM"& vbCrLfResponse.Write"Contact Email: emailVAVATOM.COM/email"& vbCrLfResponse.Write"Contact OICQ: "&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&""& vbCrLfResponse.Write"风之轩(urlWWW.7765.COM)/url版权所有,KevanTM出品！"& vbCrLfResponse.Write"->"& vbCrLfif Request.QueryString("mp3")<>"" thenFileName = Request.QueryString("mp3")strFile=FileNameif FileName="" or len(FileName)<17 Then Response.Write("<h1>错误：</h1>无效文件名！请您不要乱提交参数路径！<p>") Response.EndEnd ifFileExt = Mid(FileName, InStrRev(FileName, ".") + 1)Select Case UCase(FileExt) Case "ASP", "ASA", "ASPX", "ASAX", "MDB" Response.Write("<h1>错误：</h1>" & FileName & "KevanTM系统强行禁止您不许下载这个文件！<p>") Response.EndEnd SelectstrFilename = strFileResponse.Buffer = TrueResponse.ClearSet s = Server.CreateObject("ADODB.Stream")s.Opens.Type = 1on error resume nextSet fso = Server.CreateObject("Scripting.FileSystemObject")if not fso.FileExists(strFilename) then Response.Write("<h1>错误：</h1>" & strFilename & "该文件不存在于服务器里面！<p>") Response.Endend ifSet f = fso.GetFile(strFilename)intFilelength = f.sizes.LoadFromFile(strFilename)if err then Response.Write("<h1>错误：</h1>" & err.Description & "无数据流！<p>") Response.Endend ifResponse.AddHeader "Content-Disposition", "attachment; filename=" & f.nameResponse.AddHeader "Content-Length", intFilelengthResponse.CharSet = "UTF-8"Response.ContentType = "application/octet-stream" Response.BinaryWrite s.ReadResponse.Flushs.CloseSet s = Nothingresponse.endend ifSet fs=Server.CreateObject("Scripting.FileSystemObject")Set fdir=fs.GetFolder(thisdir)response.write "<table width='100%' cellpadding='2' cellspacing='2'>"function getUpfoldersString(temp)temps=StrReverse(temp)temps=replace(temps,"/","")if right(temp,1)="" or right(temp,1)="/" thentemps=replace(temp,"","")end iftemps=StrReverse(mid(temps,inStr(temps,"")+1)getUpfoldersString=tempsEnd functionif Request("Path")<>"" or len(Request("Path")>bys thenresponse.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&"?Path="&server.urlencode(getUpfoldersString(thisdir)&"> <font color=#ff6600><b>点击这里返回上一级目录</b></font> </a>当前目录为："&thisdir&"</td></tr>"elseresponse.write "<tr><td colspan='5'><a href="&Request.Servervariables("SCRIPT_NAME")&"> <font color=#ff6600><b>首 目 录 列 表</b></font> </a></td></tr>"if right(thisdir,1)="" or right(thisdir,1)="/" then thisdir=replace(thisdir,"","")end ifend ifdim iFor each thing in fdir.SubFoldersResponse.Write "<tr><td><font color=#efefee>-></font> <font color=red><b><a href='"&Request.Servervariables("SCRIPT_NAME")&"?Path=" & server.urlencode(thisdir) & "" & server.urlencode(thing.Name) & "'>" & thing.Name & "</a></b></font> </td><td>注释：" & thing.Name & "目录文件夹</td></tr>"Nextresponse.write "</table>"Set fs=Server.CreateObject("Scripting.FileSystemObject")Set fdir=fs.GetFolder(thisdir)response.write "<table width='100%' cellpadding='2' cellspacing='2'>"response.write "<tr><td bgcolor='#cccccc'>声音文件名称</td><td bgcolor='#cccccc'>体积大小</td><td bgcolor='#cccccc'>音频类型</td></tr>"dim strExtFor each thing in fdir.Filesresponse.write "<tr>"'=读取.mp3文件格式= strExt=lcase(right(thing.Name,4) select case strExt case ".mp3"Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>" end select'=读取.wma文件格式= strExt=lcase(right(thing.Name,4) select case strExt case ".wma"Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type &"<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>" end select'=读取.wmv文件格式= strExt=lcase(right(thing.Name,4) select case strExt case ".wmv"Response.Write "<td><a href='"&Request.Servervariables("SCRIPT_NAME")&"?mp3="&thisdir&"/"&thing.name&"' target='_blank'>" & thing.Name & "</a></td>"response.write "<td>" & cstr(thing.size) & "</td><td>" & thing.type & "<!QQ:"&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&"></td>" end select'=读取.rm文件格式= strExt=lcase(right(thing.Name,3) select case strExt