ASP的安全威胁 Filesystemobject 文件操作可通过VB的 FileSystemObject,执行 例:查看文件的ASP源码调用格式:M/(a的文件名): Response. Context Type="text/plain file=Request Query String(file) set fsFilesys-=CreateeObiect(Scripting FileSystemObject) set tsCoffee-fs Filesys. Open Text File(file) Response. Write tsCoffee Readall ts Coffee. Close set fs Filesys=Nothing set fs Filesys=NothingASP的安全威胁 FileSystemObiect 文件操作可通过VB的FileSystemObiect来执行 例 查看文件的ASP源码(调用格式 http://xxxx/cat.asp?file=文件名 <% Response.ContextType=“text/plain” file=Request.QueryString(“file”) set fsFilesys=CreateeObiect(“Scripting.FileSystemObject”) set tsCoffee=fsFilesys.OpenTextFile(file) Response.Write tsCoffee.Readall tsCoffee.Close set fsFilesys=Nothing set fsFilesys=Nothing %>