swfupload

应用安全

橙三吉。 提交于 2020-05-04 05:47:59
SSV-97074 Date 2018 类型 前台任意密码修改 影响范围 前置条件 CVE-2018-20129 Date 2018 类型 前台文件上传 影响范围 前置条件 (1)前台登录 (2)/member/article_add.php可访问 SSV-97087 Date 2018 类型 越权 影响范围 前置条件 (1)有前台登录账号 CVE-2018-9175 Date 2018 类型 影响范围 前置条件 (1)可登录后台 /member/reg_new.php SQL 注入漏洞 /member/buy_action.php SQL 注入漏洞 /member/buy_action.php SQL 注入漏洞 plus/guestbook.php 注入漏洞 /plus/recommend.php SQL 注入漏洞 /tag.php SQL 注入漏洞 /plus/infosearch.php SQL 注入漏洞 /plus/feedback_js.php SQL 注入漏洞 /member/mtypes.php SQL 注入漏洞 /plus/flink_add.php SQL 注入漏洞 member/ajax_membergroup.php SQL 注入漏洞 plus\feedback.php SQL 注入漏洞 plus/search.php SQL 注入漏洞 include

文件输入'accept'属性-有用吗?

蓝咒 提交于 2020-03-17 10:33:19
某厂面试归来,发现自己落伍了!>>> 在html下实现文件上传非常简单,但我只是注意到可以将 <input type="file" ...> accept>属性添加到 <input type="file" ...> 标记中。 此属性作为限制文件上传到图像等的方式有用吗? 最好的使用方法是什么? 或者,是否有一种方法可以限制html文件输入标签的文件类型,最好在文件对话框中? #1楼 accept 属性非常有用。 这是对浏览器的提示,仅显示当前 input 允许的文件。 尽管通常可以被用户覆盖,但默认情况下它可以帮助缩小用户的搜索范围,因此他们可以准确地找到所需的内容,而不必筛选一百种不同的文件类型。 用法 注意: 这些示例是根据当前规范编写的,可能无法在所有(或任何)浏览器中实际使用。 规范将来可能会更改,这可能会破坏这些示例。 h1 { font-size: 1em; margin:1em 0; } h1 ~ h1 { border-top: 1px solid #ccc; padding-top: 1em; } <h1>Match all image files (image/*)</h1> <p><label>image/* <input type="file" accept="image/*"></label></p> <h1>Match all video files

swfupload提示“错误302”的解决方法

亡梦爱人 提交于 2020-02-16 05:44:24
1、关于图片上传控件,flash控件的显示效果要好一些,本人使用swfupload 2、swfupload上传控件使用方式详见文档 http://www.leeon.me/upload/other/swfupload.html 3、参照文档说明和官方demo,写一个小例子是没有任何问题的,在firefox或者chrome下如碰到302错误,错误堆栈如下: SWF DEBUG: SWFUpload Init Complete SWF DEBUG: SWF DEBUG: ----- SWF DEBUG OUTPUT ---- SWF DEBUG: Version: 2.5.0 2010-03-05 Beta 3.2 SWF DEBUG: movieName: SWFUpload_0 SWF DEBUG: Upload URL: /iwebshop/index.php?controller=shop&action=goods_imgupload&photo_name=photo_name&showlist=show_list&single=false SWF DEBUG: File Types String: *.jpg;*.jpge;*.png;*.gif SWF DEBUG: Parsed File Types: jpg,jpge,png,gif SWF DEBUG: HTTP

java实现批量上传(swfupload)

时光毁灭记忆、已成空白 提交于 2020-02-16 05:03:53
下载 swfupload 文件夹 里面包含handlers.js,swfupload.js,swfupload.swf 三个文件。 我的是和ssh项目整合在一起的。因为struts2的拦截器会拦截所有请求,在跳转到上传文件的servlet中时request请求会被转换为struts的请求。所以要去掉struts的请求。 假如web.xml配置的拦截所有请求,可以修改这里,不拦截所有 <filter> <filter-name>struts2</filter-name> <filter-class> org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter </filter-class> <init-param> <param-name>config</param-name> <param-value> struts-default.xml,struts-plugin.xml,resources/struts/struts.xml </param-value> </init-param> <init-param> <param-name>actionPackages</param-name> <param-value>com.yuncai.modules</param-value> </init

SWFUpload “addPostParam” doesn't work

拟墨画扇 提交于 2020-02-06 09:08:45
问题 I've been testing this upload script and it looks really good, but i just can't get it to post values, that i have extracted from inputs. Everything is looking good and it seems I'm writing everything correctly but it just stops SWF DEBUG: Event: uploadStart : File ID: SWFUpload_0_0 , there's my piece of code which causes these troubles .bind('uploadStart', function(event, file){ $(this).addPostParam( "title", "asd"); }) I'm using it as jquery plugin, maybe that's the problem? Thanks! 回答1:

SWFUpload works in IE, but not in Firefox

痴心易碎 提交于 2020-01-19 11:44:27
问题 Using SWFUpload v2.2, Firefox 3, IE 8, Flash 10 In my ASP.NET application all uploads are being processed by upload.aspx (I have the correct upload_url set in the settings object). In IE 8 the uploads hit the upload.aspx page and are processed, but in Firefox they do not. Any suggestions? Most of the code for the page that the user visits to upload a file is shown here (note: master pages are being used): <script type="text/javascript" src="../swfupload/swfupload.js"></script> <script type=

403 Forbidden error on swfupload and django

只谈情不闲聊 提交于 2020-01-02 20:46:12
问题 I'm trying to use a script for multiple file uploads, like swfupload or uploadify on my django application but no matter what I try, I always get a 403 forbidden error for the upload URL. If I try to run the 'same' code (just different links to same files) independently, it works like a charm. Any idea if I'm missing something on my main code or is there some kind of setting that I don't know about? 回答1: This is totally related with CSRF protection . In my case I solved that issue such that,

Every flash uploader giving bad progress values

亡梦爱人 提交于 2020-01-01 16:57:10
问题 The file upload script I wrote early last year for an internal website has been misbehaving oddly on a number of machines. On some machines it consistently works fine, on others it consistently misbehaves. I am having exactly the same problem with YUI Uploader, SWFUpload (2.2 and 2.5a), and Uploadify. On the misbehaving machines, the progress event (or callback as the case may be) is reporting the upload going far too quickly. It is progressing around 9 or 10MB/s, instead of the 50 or 60kb/s

ASP.Net session state not available on another webpage

独自空忆成欢 提交于 2019-12-31 03:51:44
问题 I'm designing a single page web application with all the action happening on default.aspx. I store the user's user id in Session after he logs on. I use SWFUpload in default.aspx to upload files to upload.aspx. When upload.aspx receives a file, it checks HttpContext.Current.Session for the user's id. This used to work, but since recently HttpContext.Current.Session doesn't have any values regarding my session. I must have changed something along the line but I have no idea what. Stranger