Insert webshell in ASP database

 

Some time ago, the new cloud management system, the online forum, and other webshells were all related to this. Today we have nothing to do. Let's discuss this. In fact, ASP database plug-ins are nothing new, I believe you have also played this. Well, have you ever encountered the case where the inserted asp code is split by spaces (that is, there is a space between each character inserted )? Now let's solve this problem. After analyzing the actual situation of multiple cases, I found that as long as the code is separated by spaces, the Unicode compression attribute of the corresponding field is always "no ". On the contrary, if the Unicode compression attribute is "yes", you can use this field for horse insertion.
After searching, Microsoft officially described Unicode compression: "Microsoft Access 2000 or later uses the Unicode character encoding scheme to represent data in text, remarks, and hyperlink fields. Unicode represents each character as two bytes ...... You need more storage space than Access 97 or earlier ...... You can compensate for the effect caused by the Unicode Character Expression by setting the default value of the Unicode compression attribute of the "text", "Remarks", or "HYPERLINK" field to "yes"

If Unicode compression is enabled, the database automatically stores Latin characters (such as English, Spanish, or German) in one byte. If Unicode compression is disabled, the database uses two bytes (one byte is 0x00, and the text will be automatically converted to spaces) to store Latin characters, the inserted asp code is separated by spaces.

In this case, how can we insert a trojan?