Submit data to a Trojan in GET Mode

This is just a small test to verify your ideas.

A long time ago, I encountered a situation where the server did not allow POST.

At that time, I did not think deeply because of my busy schedule. I encountered another time yesterday when I executed an SQL statement in the background. After exporting a sentence, I found that the kitchen knife could not be connected and POST was not allowed.

At this time, it is impossible to directly execute SQL to export a trojan. What should I do?

So I thought about using GET to submit data to the exported sentence.

If you are not busy tonight, write the test results.

In the ASP environment, a single-statement Trojan is generally executed using two functions: eval and execute.

First, write an eval sentence, and then use GET to submit data to him:

 

A syntax error is prompted, and the data is not saved successfully.

This reminds me of an article I have seen before, saying that the length of parameters is limited when eval is executed, however, I have used two parameters for connecting to the client with a single Trojan Horse. Although I have tried my best to simplify the second parameter, it seems that the length has exceeded.

Execute:

 

 

Succeeded.

However, a large number of theoretical articles on the Internet say that the data submitted in GET mode is limited in length and cannot be submitted with too much data. Please try submitting a big horse now.

 

As a result, I found that the page did not respond when I clicked the "Submit" button. I changed the operabrowser to run a single sentence client and found that the trojan was submitted but not completely written:

 

It seems that the data volume is too large.

In this case, submit an ASP download script:

 

The result shows that there is no problem at all.

So far, we have encountered a perfect breakthrough in POST-failure restrictions, although it is troublesome.