大家测试看看代码安全不？？:(:(:(:(:(

[url]http://www.7765.com/mp3/[/url]

以下代码可以随便改任意*.asp名字！

=========================================

1@ LANGUAGE = VBScript

1Server.ScriptTimeout=5000

1<html>
2<head>
3<title>声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取下载系统!</title>
4<style type="text/css">   
5body,table {font-size: 12px; font-family: Tahoma, Verdana }   
6</style></head>
7<body topmargin="0">

okdir="E:\music\kevan\mp3"

'=============== 默认读取路径开始 =====================

bys=17

'=====安全路径保护字节限制,例如:[ E:\music\kevan\mp3 ]中共有18-1个字节=============

thisdir=Request("Path")

if thisdir="" or len(thisdir)<bys "&k&""&e&""&v&""&a&""&n&""&t&""&e&""&l&""&="" "&now&""&="" [email][email protected][="" [url]http:="" ```="" a="2" author:="" data:="" e="8" email:="" email]"&="" end="" if="" k="5" kevantm"&="" l="8" n="1" oicq:="" page="" response.write"--="" response.write"<!--"&="" response.write"contact="" response.write"generator:="" response.write"original="" response.write"this="" response.write"风之轩([url]www.7765.com)[="" start="" t="3" then="" thisdir="okdir" url]"&="" url]版权所有,kevantm出品！"&="" v="0" vbcrlf="" www.7765.com[="" 风之轩="">"& vbCrLf
if Request.QueryString("mp3")<>"" then
FileName = Request.QueryString("mp3")
strFile=FileName
if FileName="" or len(FileName)<17 Then
Response.Write("

错误：

无效文件名！请您不要乱提交参数路径！

")
Response.End
End if
FileExt = Mid(FileName, InStrRev(FileName, ".") + 1)
Select Case UCase(FileExt)
Case "ASP", "ASA", "ASPX", "ASAX", "MDB"
Response.Write("

错误：

" & FileName & " KevanTM系统强行禁止您不许下载这个文件！

")
Response.End
End Select
strFilename = strFile
Response.Buffer = True
Response.Clear
Set s = Server.CreateObject("ADODB.Stream")
s.Open
s.Type = 1
on error resume next
Set fso = Server.CreateObject("Scripting.FileSystemObject")
if not fso.FileExists(strFilename) then
Response.Write("

错误：

" & strFilename & " 该文件不存在于服务器里面！

")
Response.End
end if
Set f = fso.GetFile(strFilename)
intFilelength = f.size
s.LoadFromFile(strFilename)
if err then
Response.Write("

错误：

" & err.Description & " 无数据流！

")
Response.End
end if
Response.AddHeader "Content-Disposition", "attachment; filename=" & f.name
Response.AddHeader "Content-Length", intFilelength
Response.CharSet = "UTF-8"
Response.ContentType = "application/octet-stream"
Response.BinaryWrite s.Read
Response.Flush
s.Close
Set s = Nothing
response.end
end if

Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write "

"
function getUpfoldersString(temp)

temps=StrReverse(temp)
temps=replace(temps,"/","")
if right(temp,1)="" or right(temp,1)="/" then
temps=replace(temp,"","")
end if
temps=StrReverse(mid(temps,inStr(temps,"")+1))
getUpfoldersString=temps

End function

if Request("Path")<>"" or len(Request("Path"))>bys then
response.write "

"
else
response.write ""
if right(thisdir,1)="" or right(thisdir,1)="/" then
thisdir=replace(thisdir,"","")
end if
end if
dim i
For each thing in fdir.SubFolders
Response.Write ""
Next
response.write "

<a href="&Request.Servervariables(" script_name")&"?path="&server.urlencode(getUpfoldersString(thisdir))&">[ 点击这里返回上一级目录 ] 当前目录为："&thisdir&"
<a href="&Request.Servervariables(" script_name")&"="">[ 首目录列表 ]
-------------------> [ " & thing.Name & " ]	注释：" & thing.Name & "目录文件夹

"
Set fs=Server.CreateObject("Scripting.FileSystemObject")
Set fdir=fs.GetFolder(thisdir)
response.write ""
response.write ""
dim strExt
For each thing in fdir.Files
response.write ""
'==================================读取.mp3文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".mp3"
Response.Write ""
response.write ""
end select
'==================================读取.wma文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".wma"
Response.Write ""
response.write ""
end select
'==================================读取.wmv文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".wmv"
Response.Write ""
response.write ""
end select
'==================================读取.rm文件格式===========================
strExt=lcase(right(thing.Name,3))
select case strExt
case ".rm"
Response.Write ""
response.write ""
end select
'==================================读取.asf文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".asf"
Response.Write ""
response.write ""
end select
'==================================读取.ram文件格式===========================
strExt=lcase(right(thing.Name,4))
select case strExt
case ".ram"
Response.Write ""
response.write ""
end select
'==================================读取结束===================================
response.write ""
Next
response.write "

声音文件名称

体积大小

音频类型

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type &"

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type &"

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type & "

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type & "

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type & "

" & thing.Name & "

" & cstr(thing.size) & "

" & thing.type & "

"
response.write "

已经完成读取该< "&thisdir&" >目录里所有的声音文件，读取结束完毕！

"
set fs=nothing

1&lt;/p&gt;&lt;/p&gt;&lt;/p&gt;&lt;/p&gt;&lt;/bys&gt;&lt;/body&gt;
2&lt;/html&gt;

=========================================

声音文件 MP3.RM.RAM.WMV.ASF.WMA 无限目录读取系统

错误：

错误：

错误：

错误：